FortiGuard Labs is aware of a report that proof-of-concept (PoC) code for a critical Zoho ManageEngine remote code execution (RCE) vulnerability, CVE-2022-47966, has been released to the public and that the vulnerability is being actively exploited. Patched in October and November 2022, the vulnerability affects multiple on-premise ManageEngine products and allows attackers to execute code remotely with SYSTEM-level privileges.

Why is this Significant?
Although a patch is available for CVE-2022-47966, proof-of-concept code is now public, and exploit attempts against CVE-2022-47966 are expected to pick up because of it. The patch should be applied as soon as possible.

What is CVE-2022-47966?
The vulnerability affects multiple on-premise ManageEngine products because they ship an outdated version of Apache Santuario (Apache XML Security for Java), the library that validates the XML signatures on SAML messages. Successful exploitation allows an attacker to execute code remotely with SYSTEM-level privileges. Depending on the product, the vulnerability is exposed only when Security Assertion Markup Language (SAML) Single Sign-On (SSO) is enabled, or was enabled at some point in the past.

Has the Vendor Released an Advisory for CVE-2022-47966?
Yes, the advisory is available. See the Appendix for a link to "Security advisory for remote code execution vulnerability in multiple ManageEngine products".

Which ManageEngine Products are Vulnerable to CVE-2022-47966?
The list of affected ManageEngine products is given in the vendor advisory.

Has the Vendor Released a Patch for CVE-2022-47966?
Yes. Patches were released on October 27, October 28 and November 11, 2022, depending on the ManageEngine product.

What is the Status of Protection?
FortiGuard Labs released the following IPS signature in version xxx for CVE-2022-47966:
Zoho.ManageEngine.xmlsec.SAML.SSO.Remote.Code.Execution (default action is set to "pass")
Note that a default action of "pass" lets matching traffic through (and logs it if logging is enabled); the signature's action must be changed to block in the IPS profile for it to stop exploitation attempts.
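The report says only that the bug lies in how products built on Apache Santuario handle SAML SSO. The following is an added example, not code from FortiGuard Labs or Zoho, of an input-side check a practitioner can run over captured SAML responses while patching is under way: it flags any XML-signature transform that is not on a short allow-list. That the exploitation vector is an XSLT transform carried inside the signature's ds:Transforms is taken from public analysis of CVE-2022-47966, not from this report. The two sample responses and the `_sample_response` helper are constructed for the example and carry placeholder digest and signature values.

```python
"""Flag SAML responses whose XML signature carries a non-standard transform.

Added example; not FortiGuard's or Zoho's code. The assumption that an XSLT
ds:Transform is the dangerous element comes from public analysis of
CVE-2022-47966 (an unpatched Apache Santuario evaluates the stylesheet
while verifying the signature), not from the report above.
"""
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
XSLT_TRANSFORM = "http://www.w3.org/TR/1999/REC-xslt-19991116"

# Transforms a SAML signature legitimately needs. Anything else is suspicious;
# XSLT in particular has no business inside a SAML response.
ALLOWED_TRANSFORMS = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
}


def find_suspicious_transforms(saml_xml: str) -> list:
    """Return the Algorithm URI of every ds:Transform not on the allow-list."""
    root = ET.fromstring(saml_xml)
    return [
        t.get("Algorithm", "")
        for t in root.iter(f"{{{DSIG}}}Transform")
        if t.get("Algorithm", "") not in ALLOWED_TRANSFORMS
    ]


def is_xslt_signed(saml_xml: str) -> bool:
    """True if the signature asks the verifier to run an XSLT stylesheet."""
    return XSLT_TRANSFORM in find_suspicious_transforms(saml_xml)


def _sample_response(extra_transform: str) -> str:
    """Constructed minimal SAML 2.0 response; digest/signature values are placeholders."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_r1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          {extra_transform}
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>AAAA</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_a1"><saml:Subject><saml:NameID>user</saml:NameID></saml:Subject></saml:Assertion>
</samlp:Response>"""


# Constructed samples: a normal response and one smuggling an XSLT transform.
BENIGN_RESPONSE = _sample_response("")
XSLT_RESPONSE = _sample_response(
    """<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
            <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
              <xsl:template match="/"><xsl:value-of select="'attacker-controlled stylesheet'"/></xsl:template>
            </xsl:stylesheet>
          </ds:Transform>"""
)


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_RESPONSE), ("xslt", XSLT_RESPONSE)):
        print(name, "suspicious transforms:", find_suspicious_transforms(doc))
```

The allow-list approach is deliberate: rather than matching only the XSLT URI, it rejects every transform a SAML signature does not need, so a variant that hides behind another non-standard algorithm is caught too. Run it over SAML responses captured at the load balancer or reverse proxy in front of the ManageEngine product; a hit is worth treating as an exploitation attempt regardless of whether the product has been patched.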