ManageEngine ServiceDesk Plus < 14.0 Build 14004 RCE

critical Nessus Plugin ID 176861

Synopsis

The remote web server hosts an application that is affected by a remote code execution vulnerability.

Description

A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus prior to 14.0 Build 14004 because it uses Apache xmlsec (aka XML Security for Java) 1.4.1. By design, the XSLT features of that xmlsec version make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to ManageEngine ServiceDesk Plus version 14.0 Build 14004 or later.

See Also

http://www.nessus.org/u?5404a809

http://www.nessus.org/u?e3bf854f

Plugin Details

Severity: Critical

ID: 176861

File Name: manageengine_servicedesk_plus_14004.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 6/7/2023

Updated: 12/5/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-47966

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_servicedesk_plus

Required KB Items: installed_sw/manageengine_servicedesk

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/27/2022

Vulnerability Publication Date: 1/18/2023

CISA Known Exploited Vulnerability Due Dates: 2/13/2023

Exploitable With

Core Impact

Metasploit (ManageEngine Endpoint Central Unauthenticated SAML RCE)

Reference Information

CVE: CVE-2022-47966