HTTP: Zoho ManageEngine OpManager oputilsServlet Authentication Bypass

This signature detects attempts to exploit an authentication bypass vulnerability reported in ManageEngine OpManager. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could lead to authentication bypass and give the attacker control of the service.

Extended Description

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter.
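An added example (not Juniper's signature logic or vendor code) that reviews web access logs for the request pattern described above: a `/oputilsServlet` request, then API calls from the same client. The combined-log line format, the sample lines and the function name `scan` are assumptions; the paths and the `action=getAPIKey` parameter come from the description.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (combined-log style); addresses, times and key are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Oct/2018:10:01:02 +0000] "GET /oputilsServlet?action=getAPIKey HTTP/1.1" 200 48
198.51.100.7 - - [25/Oct/2018:10:01:05 +0000] "POST /api/json/v2/admin/addUser?apiKey=EXAMPLEKEY HTTP/1.1" 200 90
192.0.2.10 - - [25/Oct/2018:10:02:00 +0000] "GET /api/json/device/setManaged?name=sw1 HTTP/1.1" 200 31
203.0.113.5 - - [25/Oct/2018:10:03:00 +0000] "GET /oputilsServlet HTTP/1.1" 401 0
"""

# API endpoints the description names as reachable once the key is obtained.
FOLLOW_ON = {"/api/json/v2/admin/addUser", "/api/json/device/setManaged"}

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def scan(log_text):
    """Return (client, time, finding, status) tuples in log order."""
    key_requesters = set()   # clients that received a 200 for getAPIKey
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        path = unquote(url.path)          # normalise percent-encoding before comparing
        query = parse_qs(url.query)
        if path == "/oputilsServlet":
            is_key = "getAPIKey" in query.get("action", [])
            if is_key and status == "200":
                key_requesters.add(client)
            findings.append((client, when,
                             "api-key-request" if is_key else "oputils-request", status))
        elif path in FOLLOW_ON and client in key_requesters:
            # API use by a client that just pulled the key without logging in.
            findings.append((client, when, "follow-on:" + path, status))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

API calls from clients that never requested the key (the `192.0.2.10` line) are left alone, so routine authenticated use of the same endpoints does not flood the output.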

Affected Products

Zohocorp manageengine_opmanager

References

CVE: CVE-2018-17283

Short Name: HTTP:ZOHO-MGR-OPUTIL-BYP
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Authentication Bypass CVE-2018-17283 ManageEngine OpManager Zoho oputilsServlet
Release Date: 10/25/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3337
False Positive: Unknown
Vendors

Zohocorp

CVSS Score

5.0
