Overview
- Description
- Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 7.1
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:N/AC:H/Au:S/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
- Exploit added on
- Mar 7, 2023
- Exploit action due
- Mar 28, 2023
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A79AAA12-67D4-4343-9E0B-249C07144DD8",
"versionEndExcluding": "6.1"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2320EEE-367C-4CE1-8AC4-048B97DE71F3"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6100:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1E5484A-D834-4C7A-962C-C78CF0CDAA8B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FA21683-29F7-44EB-84C6-D29C6C64DE97"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6102:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7BE0B72F-2963-4666-9A82-7812BFB52DB0"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6103:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85DD7E26-B9C5-4DCC-8F50-F5884AF61105"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6104:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC37608E-E61B-4333-8358-50C8377A1ABF"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6105:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C13EF458-FE95-49E5-9A13-04C96C3F114A"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6106:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12919644-3D85-488C-89A3-58A1FB31279D"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6107:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75206A94-9155-48D7-A378-5020877B8B97"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6108:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E50CF265-DE6F-4281-8300-06D54185AA43"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6109:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB577C00-1412-4F87-B91A-5E956EB2213F"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6110:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C7681FA-FC15-49CE-9288-3C4E361F4D21"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6111:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80F12A94-93C5-4442-8FB3-4E02E4DECCEB"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6112:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17270CDC-C800-4B5A-BEAA-83AF455BBBEA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6113:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAFE53B1-7736-4560-8FEF-AA0F56FEACF2"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6114:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5491174-9BE3-4FBF-AEF5-6A313E2CEBA0"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6115:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E407C5F1-43D0-4B5D-A3B8-A48A7024CCB1"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6116:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2EC89DCA-D24A-46BB-8086-C306BB4CDABD"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6117:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45BEF834-4A4B-4CB0-BEBF-73A03FDAC773"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6118:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E319DA11-0C76-4F52-A197-FFBF4F30BB55"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6119:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B928577F-3183-4305-9009-A8C6970477D6"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6120:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE6F33B5-418E-4B38-81EB-090E4F3AF89A"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.1:6121:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DD9B2CF-8EBE-454D-8A81-873C0A8ACAA9"
}
],
"operator": "OR"
}
]
}
]