Zoho ManageEngine ADAudit Plus bug gets public RCE exploit
2022-07-01 19:45

Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in Zoho ManageEngine ADAudit Plus, a tool for monitoring activity in Active Directory.

Zoho addressed the issue at the end of March in ADAudit Plus build 7060 after security researcher Naveen Sunkavally at Horizon3.ai.

Once Sunkavally found a way to execute code remotely, he started to look for methods to upload files without authentication and found that some ADAudit Plus endpoints used by agents running on the machine to upload security events did not require authentication.

The researcher says that the default in ADAudit Plus is Java 8u051, and he found that three quarters of the installations are running an older version of the Java runtime.

Horizon3.ai published code that exploits CVE-2022-28219 in ManageEngine ADAudit Plus builds before 7060 to execute the calculator app in Windows.

Although ADAudit Plus stores the credentials in an encrypted state, the researcher says that "It's possible to reverse the encryption to access these credentials in the clear."


News URL

https://www.bleepingcomputer.com/news/security/zoho-manageengine-adaudit-plus-bug-gets-public-rce-exploit/

Related Vulnerability

Date: 2022-04-05
CVE: CVE-2022-28219
Vulnerability title: XXE vulnerability in Zohocorp Manageengine Adaudit Plus
Description: Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Attack vector: network
Attack complexity: low
Vendor: zohocorp
CWE: CWE-611
Risk: critical (9.8)

Related vendor

VENDOR        #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Manageengine  9           0    3       4     3         10
Zoho          5           0    3       5     0         8