HTTP: Zoho ManageEngine Multiple Products getDNSResolveOption Command Injection
This signature detects attempts to exploit a known vulnerability against Zoho OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Affected Products
Zohocorp manageengine_supportcenter_plus
References
CVE: CVE-2022-40770
URL: https://www.zerodayinitiative.com/advisories/ZDI-22-1179/ https://www.zerodayinitiative.com/advisories/ZDI-22-1183/ https://www.zerodayinitiative.com/advisories/ZDI-22-1184/ http://www.zerodayinitiative.com/advisories/ZDI-22-1180/ http://www.zerodayinitiative.com/advisories/ZDI-22-1181/ http://www.zerodayinitiative.com/advisories/ZDI-22-1182/ http://www.zerodayinitiative.com/advisories/ZDI-22-1611/ https://www.manageengine.com/products/service-desk/CVE-2022-40770.html https://da22le.github.io/zoho-manageengine-opmanager-%E4%B8%A4%E4%B8%AArce/
Short Name
HTTP:CTS:ZOHO-DNS-RSLV-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2022-37024 CVE-2022-38772 CVE-2022-40770 Command Injection ManageEngine Multiple Products Zoho getDNSResolveOption
Release Date
10/04/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3666
False Positive
Unknown
Vendors
Zohocorp