
PoC Released for Zoho ManageEngine ADAudit Plus Vulnerability CVE-2022-28219



Summary

Security researchers have released a PoC for a previously disclosed unauthenticated remote code execution vulnerability affecting ADAudit Plus.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

In March 2022, ManageEngine released a security update to address a critical remote code execution vulnerability affecting ADAudit Plus. The vulnerability is tracked as CVE-2022-28219 and has a CVSSv3 score of 9.8. Security researchers from Horizon3.ai, who reported the vulnerability to ManageEngine, have now released Proof of Concept (PoC) code and a technical report.

CVE-2022-28219 could allow an attacker to perform unauthenticated remote code execution on the ADAudit Plus server by exploiting XML External Entities (XXE), Java deserialization and path traversal vulnerabilities. A remote unauthenticated attacker could exploit this vulnerability to take control of an affected system.

Previous targeting of Zoho ManageEngine products

Vulnerabilities in Zoho ManageEngine products are frequently targeted as an attack vector.


Remediation advice

Affected organisations are encouraged to review the ManageEngine Advisory and apply the necessary updates to the latest release.



Last edited: 1 July 2022 3:52 pm