virus logo Client Application Firewall

ManageEngine.NCM.ping.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Vulnerability in ManageEngine Network Configuration Manager.
This vulnerability is due to insufficient validation in the ipaddress field of the ping functionality in add device web interface. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to arbitrary code execution in the security context of the web server.

affected-products-logoAffected Products

ManageEngine Network Configuration Manager prior to 125488

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/network-configuration-manager/release-notes.html#125488

Version Updates

Date Version Status Detail
2023-10-24 25.663
Modified
 Sig Added
2023-08-09 25.618
Modified
 Name:Zoho.
ManageEngine.
NCM.
ping.
Command.
Injection:ManageEngine.
NCM.
ping.
Command.
Injection
2023-05-02 23.544
Modified
 Sig Added
ID 51085
Created Jan 10, 2022
Updated Oct 24, 2023
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Exploit Prediction Score 73.76%
Default Action drop
Affected OS Windows, Linux
Affected App Other
Profile Type Code Injection