CVE-2023-29084 Scanner
Detects 'OS Command Injection' vulnerability in Zoho ManageEngine ADManager Plus affects v. before 7181.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Domain, Ipv4
Toolbox
-
Zoho ManageEngine ADManager Plus is a popular web-based Active Directory management and reporting tool designed to streamline and simplify the management of heterogeneous IT environments. With ADManager Plus, IT administrators can perform various tasks such as user provisioning, password reset, permissions management, group policy setting, and more.
However, the software is not without its vulnerabilities, and in particular, the CVE-2023-29084 vulnerability has recently been detected. This vulnerability allows authenticated users to exploit command injection via Proxy settings, which can result in unauthorized access and the potential compromise of the entire Active Directory infrastructure.
When exploited, this vulnerability can give attackers the ability to execute arbitrary commands on the server, which may allow them to access sensitive data, install malware, or perform other malicious activities. The consequences of a successful attack can range from the theft of sensitive information to the complete compromise of an organization’s entire IT infrastructure.
Thanks to the pro features of the s4e.io platform, readers can easily and quickly learn about vulnerabilities in their digital assets, including ADManager Plus. With comprehensive vulnerability scanning and reporting tools, as well as detailed remediation steps, s4e.io is an invaluable resource for IT administrators looking to secure their organization’s critical IT assets. By staying informed and taking proactive measures, organizations can effectively mitigate the risk of vulnerabilities and protect their assets against potential cyber threats.
REFERENCES