ManageEngine ServiceDesk Plus MSP Unauthenticated RCE (CVE-2022-47966)

critical Nessus Plugin ID 171285

Synopsis

A help desk application is affected by a remote code execution vulnerability.

Description

The ManageEngine ServiceDesk Plus MSP running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code.

This plugin requires that both the scanner and target machine have internet access.

Solution

Upgrade to ManageEngine ServiceDesk Plus build 13001 or later.

See Also

http://www.nessus.org/u?5404a809

http://www.nessus.org/u?477eba27

Plugin Details

Severity: Critical

ID: 171285

File Name: manageengine_servicedesk_msp_cve-2022-47966.nbin

Version: 1.36

Type: remote

Family: CGI abuses

Published: 2/10/2023

Updated: 10/10/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-47966

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_servicedesk_plus_msp

Required KB Items: installed_sw/manageengine_servicedesk

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 10/27/2022

Vulnerability Publication Date: 10/27/2022

CISA Known Exploited Vulnerability Due Dates: 2/13/2023

Exploitable With

Core Impact

Metasploit (ManageEngine Endpoint Central Unauthenticated SAML RCE)

Reference Information

CVE: CVE-2022-47966

IAVA: 2023-A-0017