HTTP: Zoho ManageEngine Application Manager Command Injection
This signature detects attempts to exploit a known vulnerability against Zoho Manage Engine. Successful exploitation can result in remote command execution conditions.
Extended Description
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
Affected Products
Zohocorp manageengine_applications_manager
Short Name
HTTP:CTS-CVE-2018-7890-CMD-INJ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Application CVE-2018-7890 Command Injection ManageEngine Manager Zoho bid:103358
Release Date
06/19/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Unknown
Vendors
Zohocorp
CVSS Score
10.0