HTTP: Zoho ManageEngine SupportCenter Plus Custom Schedules Executor Command Injection
This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine SupportCenter Plus Custom Schedules Executor. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
Affected Products
Zohocorp manageengine_supportcenter_plus
References
CVE: CVE-2023-23076
URL: https://www.manageengine.com/products/support-center/CVE-2023-23076.html
Short Name
HTTP:CTS:ZOHO-MGNE-SC-CSTM-CI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2023-23076 Command Custom Executor Injection ManageEngine Plus Schedules SupportCenter Zoho
Release Date
03/28/2023
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3661
False Positive
Unknown
Vendors
Zohocorp