Intrusion PreventionManageEngine.Multiple.Products.NMAP.Feature.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in Zoho Corporation ManageEngine OpUtils.
These vulnerabilities are due to improper input validation on the getNmapInitialOption function. A remote, authenticated attacker could exploit these vulnerability by sending a crafted request to the target server. Successfully exploiting these vulnerabilities could result in OS command injection or, in the worst case, remote code execution.
Affected Products
Zoho Corporation ManageEngine Netflow Analyzer build 125450 through 125657
Zoho Corporation ManageEngine Netflow Analyzer build 125664
Zoho Corporation ManageEngine Netflow Analyzer build 126000 through 126002
Zoho Corporation ManageEngine Netflow Analyzer build 126100 through 126104
Zoho Corporation ManageEngine Netflow Analyzer build 126113 through 126119
Zoho Corporation ManageEngine Network Configuration Manager build 125450 through 125657
Zoho Corporation ManageEngine Network Configuration Manager build 125664
Zoho Corporation ManageEngine Network Configuration Manager build 126000 through 126002
Zoho Corporation ManageEngine Network Configuration Manager build 126100 through 126104
Zoho Corporation ManageEngine Network Configuration Manager build 126113 through 126119
Zoho Corporation ManageEngine OpManager build 125450 through 125657
Zoho Corporation ManageEngine OpManager build 125664
Zoho Corporation ManageEngine OpManager build 126000 through 126002
Zoho Corporation ManageEngine OpManager build 126100 through 126104
Zoho Corporation ManageEngine OpManager build 126113 through 126119
Zoho Corporation ManageEngine OpManager MSP build 125450 through 125657
Zoho Corporation ManageEngine OpManager MSP build 125664
Zoho Corporation ManageEngine OpManager MSP build 126000 through 126002
Zoho Corporation ManageEngine OpManager MSP build 126100 through 126104
Zoho Corporation ManageEngine OpManager MSP build 126113 through 126119
Zoho Corporation ManageEngine OpManager Plus build 125450 through 125657
Zoho Corporation ManageEngine OpManager Plus build 125664
Zoho Corporation ManageEngine OpManager Plus build 126000 through 126002
Zoho Corporation ManageEngine OpManager Plus build 126100 through 126104
Zoho Corporation ManageEngine OpManager Plus build 126113 through 126119
Zoho Corporation ManageEngine OpUtils build 125450 through 125657
Zoho Corporation ManageEngine OpUtils build 125664
Zoho Corporation ManageEngine OpUtils build 126000 through 126002
Zoho Corporation ManageEngine OpUtils build 126100 through 126104
Zoho Corporation ManageEngine OpUtils build 126113 through 126119
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/itom/advisory/cve-2022-38772.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-09 | 25.618 | Name:Zoho. ManageEngine. getNmapInitialOption. Command. Injection:ManageEngine. Multiple. Products. NMAP. Feature. Command. Injection |
| 2022-11-16 | 22.441 | Default_action:pass:drop |
| 2022-11-08 | 22.435 |
| ID | 52278 |
| Created | Oct 31, 2022 |
| Updated | Aug 08, 2023 |
| Risk |
|
| CVE ID | CVE-2022-38772 |
| Exploit Prediction Score | 0.86% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |