CVE-2022-28810

Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability

Severity Score

6.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.

Zoho ManageEngine ADSelfService Plus antes de la compilación 6122 permite a un administrador remoto autenticado ejecutar comandos arbitrarios del sistema operativo como SYSTEM a través de la función de script personalizado de la política. Debido al uso de una contraseña de administrador por defecto, los atacantes pueden ser capaces de abusar de esta funcionalidad con un esfuerzo mínimo. Además, un atacante remoto y parcialmente autenticado puede ser capaz de inyectar comandos arbitrarios en el script personalizado debido a un campo de contraseña no saneado

Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-08 CVE Reserved
2022-04-18 CVE Published
2023-03-07 Exploited in Wild
2023-03-28 KEV Due Date
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-11-22 EPSS Updated

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-798: Use of Hard-coded Credentials

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
http://packetstormsecurity.com/files/166816/ManageEngine-ADSelfService-Plus-Custom-Script-Execution.html	2024-08-03
https://github.com/rapid7/metasploit-framework/pull/16475	2024-08-03
https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed	2024-08-03

URL	Date	SRC
https://www.manageengine.com/products/self-service-password/kb/cve-2022-28810.html	2022-04-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				< 6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version " < 6.1"		-		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		-		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6100		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6101		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6102		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6103		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6104		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6105		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6106		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6107		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6108		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6109		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6110		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6111		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6112		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6113		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6114		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6115		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6116		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6117		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6118		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6119		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6120		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Adselfservice Plus Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus"				6.1 Search vendor "Zohocorp" for product "Manageengine Adselfservice Plus" and version "6.1"		6121		Affected