CVE-2024-5466

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Aug 23, 2024 / Updated: 2mo ago

CVSS 8.8 / EPSS 0.04% / High

Summary

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to authenticated remote code execution in the deploy agent option. This vulnerability is associated with Improper Control of Generation of Code ('Code Injection').

Impact

This vulnerability allows an authenticated attacker with low privileges to execute arbitrary code remotely on the affected systems. The impact is severe, with high potential for compromising the confidentiality, integrity, and availability of the affected systems. Attackers could potentially gain unauthorized access, manipulate data, or disrupt services. The vulnerability has a CVSS v3.1 base score of 8.8, indicating a HIGH severity level. The attack vector is network-based, requires low attack complexity, and no user interaction, making it relatively easy to exploit once an attacker has low-level privileges.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Zohocorp has released updates to address this vulnerability. Users should upgrade ManageEngine OpManager and Remote Monitoring and Management to versions newer than 128329. Specific affected products and versions include:

- ManageEngine OpManager: versions 12.7 and below, as well as 12.8-build128102, 12.8-build128103, 12.8-build128104, 12.8-build128186, and 12.8-build128187
- ManageEngine OpManager MSP: same version range as OpManager
- ManageEngine OpManager Plus: same version range as OpManager

Users can find more information about the patch at https://www.manageengine.com/itom/advisory/cve-2024-5466.html

Mitigation

1. Immediately upgrade ManageEngine OpManager and Remote Monitoring and Management to versions newer than 128329.
2. Implement strong access controls and the principle of least privilege to limit potential attackers.
3. Monitor and audit the use of the deploy agent option for any suspicious activities.
4. Implement network segmentation to isolate affected systems.
5. Regularly update and patch the software as soon as new versions become available.
6. Implement robust logging and monitoring to detect potential exploitation attempts.
7. If immediate patching is not possible, consider temporarily disabling the deploy agent option until the update can be applied.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-5466.

Aug 23, 2024 at 2:57 AM / #vulnerability

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 23, 2024 at 2:57 AM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (206271)

Aug 28, 2024 at 7:15 PM

Affected Systems

Zohocorp/manageengine_opmanager

Patches

www.manageengine.com

Attack Patterns

CAPEC-242: Code Injection

News

Security Update for Zoho ManageEngine OpManager
Released Last Updated: 8/28/2024 CVEs: CVE-2024-5466 Plugins: 206271
ManageEngine OpManager RCE (CVE-2024-5466)
Nessus Plugin ID 206271 with High Severity. Synopsis: The remote web server hosts an application that is affected by a remote code execution vulnerability. Description: Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Upgrade ManageEngine OpManager according to the vendor advisory. Read more at https://www.tenable.com/plugins/nessus/206271
Security bulletin - 28 Aug 2024 - Cyber Security Agency of Singapore
Critical SQL Injections Fixed In ManageEngine ADAudit And OpManager
ManageEngine, a leading provider of IT service management solutions, has issued security advisories for multiple SQL injection vulnerabilities affecting its ADAudit and OpManager products. An attacker with authenticated access to these features could potentially inject malicious SQL code, leading to unauthorized data access, modification, or deletion.
CVE-2024-5466
High Severity. Description: Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option. Read more at https://www.tenable.com/cve/CVE-2024-5466

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
