Security News > 2023 > January > PoC for critical ManageEngine bug to be released, so get patching! (CVE-2022-47966)

If your enterprise is running ManageEngine products that were affected by CVE-2022-47966, check now whether they've been updated to a non-vulnerable version because Horizon3's will be releasing technical details and a PoC exploit this week.

CVE-2022-47966 is an unauthenticated remote code execution vulnerability that has been found by a researcher with Viettel Cyber Security in two dozen ManageEngine products, including Access Manager Plus, ADSelfService Plus, Endpoint DLP, Password Manager Pro, PAM360, ServiceDesk Plus, and others.

The source of the vulnerability was an outdated version of the Apache Santuario library, which provides implementation of security standards for XML. The vulnerability is only exploitable if SAML single sign-on is currently or has been previously enabled on those products, and can be exploited by crafting a SAML request with an invalid signature.

The company released fixed versions of each product throughout October and November 2022 and, hopefully, most organizations have already upgraded their installations.

Attackers often take advantage of flaws in Zoho's ManageEngine offerings.

"ManageEngine products are some of the most widely used across enterprises and perform business functions such as authentication, authorization, and identity management. Given the nature of these products, a vulnerability such as this poses critical risk to organizations allowing attackers initial access, if exposed to the internet, and the ability for lateral movement with highly privileged credentials," Horseman pointed out.

News URL

https://www.helpnetsecurity.com/2023/01/17/cve-2022-47966-poc/