ManageEngine ServiceDesk Plus Unauthenticated RCE (CVE-2022-47966)

critical Nessus Plugin ID 171078


A help desk application is affected by a remote code execution vulnerability.


The ManageEngine ServiceDesk Plus instance running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code.

This plugin requires that both the scanner and target machine have internet access.


Upgrade to ManageEngine ServiceDesk Plus build 14004 or later.


Plugin Details

Severity: Critical

ID: 171078

File Name: manageengine_servicedesk_cve-2022-47966.nbin

Version: 1.26

Type: remote

Family: CGI abuses

Published: 2/7/2023

Updated: 2/22/2024

Supported Sensors: Nessus

Risk Information


Risk Factor: Critical

Score: 9.7


CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-47966


CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_servicedesk_plus

Required KB Items: installed_sw/manageengine_servicedesk

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 10/27/2022

Vulnerability Publication Date: 10/27/2022

CISA Known Exploited Vulnerability Due Dates: 2/13/2023

Exploitable With

Core Impact

Metasploit (ManageEngine Endpoint Central Unauthenticated SAML RCE)

Reference Information

CVE: CVE-2022-47966

IAVA: 2023-A-0017