CVE-2022-29081 Scanner
CVE-2022-29081 Scanner - Path Traversal vulnerability in Zoho ManageEngine
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 3 weeks 7 hours
Scan only one: Domain, Subdomain, IPv4
Zoho ManageEngine is widely used by enterprises for IT management solutions, providing tools for network management, IT service management, and security operations. IT administrators utilize ManageEngine products to monitor and secure their infrastructure across multiple locations. Its comprehensive suite offers functionalities like password management, privileged access management, and network configuration. The software facilitates extensive reporting, auditing, and compliance tracking. Organizations implement ManageEngine solutions to ensure stronger controls over their IT operations and reduce the risks associated with unauthorized access. It is particularly favored by organizations seeking cost-effective and robust IT management solutions.
The Path Traversal vulnerability in Zoho ManageEngine allows attackers to bypass access controls on specific REST API endpoints. The vulnerability is notable for its potential to lead to unauthorized data access or manipulation if exploited. Unprotected endpoints could be easily exploited to extract sensitive information or manipulate data without prior authentication. Given the critical CVSS score, addressing this vulnerability is crucial for maintaining the security integrity of Zoho ManageEngine installations. Security teams must prioritize it due to its severity and the widespread use of ManageEngine products in various industries. The vulnerability impacts Access Manager Plus versions before 4302, Password Manager Pro versions before 12007, and PAM360 versions before 5401.
The vulnerability primarily resides in REST API URLs using the `../RestAPI` substring, including but not limited to endpoints like `SSOutAction`, `SSLAction`, `LicenseMgr`, `GetProductDetails`, `GetDashboard`, `FetchEvents`, and `Synchronize`. Attackers can craft requests to these endpoints to exploit the inconsistency in access control mechanisms, bypassing existing security checks. The exploitation involves unauthorized REST API calls to these endpoints, potentially leading to data theft or alteration. Arbitrary calls to these endpoints with inadequate controls can yield critical configuration details like build numbers, licenses, and versions. The vulnerable entry points present a significant risk vector given their critical nature in the system operations.
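For defenders reviewing web access logs, the following added example (not code from the scanner or from Zoho) flags requests whose target contains the `../RestAPI` substring described above, including percent-encoded forms, and checks a build number against the fixed builds stated on this page. The log layout, the function names and the `/placeholder` path prefix are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint names listed on this page (the page says the list is not exhaustive).
LISTED_ENDPOINTS = ("SSOutAction", "SSLAction", "LicenseMgr", "GetProductDetails",
                    "GetDashboard", "FetchEvents", "Synchronize")
# First fixed build per product, from the page's affected-version statement.
FIXED_BUILD = {"Access Manager Plus": 4302, "Password Manager Pro": 12007, "PAM360": 5401}
# Assumption: access log in "combined" style: ip ... "METHOD target PROTO" status ...
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]+RestAPI", re.IGNORECASE)


def decode_fully(target, rounds=3):
    """Percent-decode repeatedly so ..%2fRestAPI and ..%252fRestAPI are also matched."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_traversal_requests(lines):
    """Return one finding per log line whose request target contains ../RestAPI."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = decode_fully(m.group("target"))
        if TRAVERSAL_RE.search(target):
            endpoint = next((e for e in LISTED_ENDPOINTS if e.lower() in target.lower()), None)
            findings.append({"ip": m.group("ip"), "target": target,
                             "endpoint": endpoint, "status": int(m.group("status"))})
    return findings


def is_affected(product, build):
    """True when the build number is lower than the fixed build given on this page."""
    return build < FIXED_BUILD[product]


# Constructed sample lines (not real traffic); "/placeholder" stands in for the real prefix.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /placeholder/../RestAPI/LicenseMgr HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /placeholder/..%2FRestAPI/GetDashboard HTTP/1.1" 200 88',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /RestAPI/GetProductDetails HTTP/1.1" 401 0',
]
```

Calling `find_traversal_requests(SAMPLE_LOG)` returns the first two lines as findings. A flagged request with a success status on a host where `is_affected` is true is the combination to follow up first.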
If exploited, this vulnerability may lead to unauthorized reading or manipulation of sensitive configuration data. Attackers could gain access to critical system information or alter configurations, potentially creating backdoors for further intrusion. Data breaches could occur if attackers exploit these endpoints to extract sensitive user or system data. The compromised systems may experience integrity breaches or data corruption, affecting overall operations. In worst-case scenarios, attackers might destabilize system processes or gain escalated privileges, posing a long-term threat to the organization's security posture. Mitigating this risk promptly is vital to prevent unauthorized access and data breaches.