virus logo Intrusion Prevention

ManageEngine.ADManager.Plus.CVE-2023-29084.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Vulnerability in Zoho Corporation ManageEngine ADManager Plus.
This vulnerability is due to improper input validation in the ChangePasswordAction process. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in remote code execution in the context of the service account.

affected-products-logoAffected Products

Zoho Corporation ManageEngine ADManager Plus before build 7181

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-29084.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2023-08-07 25.615
Modified
 Name:Zoho.
ManageEngine.
ChangePasswordAction.
Command.
Injection:ManageEngine.
ADManager.
Plus.
CVE-2023-29084.
Command.
Injection
2023-06-12 24.574
New
ID 52906
Created Apr 27, 2023
Updated Aug 04, 2023
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 93.88%
Default Action drop
Active
Affected OS Windows
Affected App Other
Profile Type Code Injection