Detections
Analytics
Zoho ManageEngine SAML SSO Remote Code Execution
critical Web App Scanning Plugin ID 113550
Language:
Synopsis
Zoho ManageEngine SAML SSO Remote Code ExecutionDescription
Multiple Zoho ManageEngine OnPremise products use an outdated Apache Santuario (xmlsec) component which fails to properly validate XML signatures of SAML responses received during the authentication flow. By crafting a specific HTTP request containing a malicious XML payload and sending it to the vulnerable product Assertion Consumer (ACS) URL, an attacker could achieve a remote unauthenticated Remote Code Execution (RCE) on the target instance.Solution
Update to a fixed version of the vulnerable product as described in the vendor security advisory.See Also
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html
Plugin Details
Severity: Critical
ID: 113550
Type: remote
Family: Component Vulnerability
Published: 2/8/2023
Updated: 12/6/2023
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2022-47966
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score Source: CVE-2022-47966
Vulnerability Information
CPE: cpe:2.3:a:zohocorp:manageengine:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 1/18/2023
CISA Known Exploited Vulnerability Due Dates: 2/13/2023
Reference Information
CVE: CVE-2022-47966
CWE: 78
OWASP: 2010-A1, 2013-A1, 2013-A9, 2017-A1, 2017-A9, 2021-A3, 2021-A6
WASC: OS Commanding
DISA STIG: APSC-DV-002510, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-CM-6b, sp800_53-SI-10
OWASP API: 2019-API7, 2019-API8, 2023-API8
OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.3.8