Security News > 2022 > July > Zoho ManageEngine ADAudit Plus bug gets public RCE exploit
Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in the Zoho ManageEngine ADAudit Plus tool for monitoring activities in the Active Directory.
Zoho addressed the issue at the end of March in ADAudit Plus build 7060 after security researcher Naveen Sunkavally at Horizon3.
Once Sunkavally found a way to execute code remotely, he started to look for methods to upload files without authentication and found that some ADAudit Plus endpoints used by agents running on the machine to upload security events did not require authentication.
The researcher says that the default in ADAudit Plus is Java 8u051 and he found that three quarters of the installations are running an older version of Java runtime.
Ai published code that exploits CVE-2022-28219 in ManageEngine ADAudit Plus builds before 7060 to execute the calculator app in Windows.
Although ADAudit Plus stores the credentials in an encrypted state, the researcher says that "It's possible to reverse the encryption to access these credentials in the clear."
News URL
Related news
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-28219 | XXE vulnerability in Zohocorp Manageengine Adaudit Plus Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 9.8 |