CVE-2022-28810

Exploited in the Wild

Reported by egalinkin-r7 and 2 more...
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

exploit/windows/http/manageengine_adselfservice_plus_cve_2022_28810

Description

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

Metasploit Modules

exploit/windows/http/manageengine_adselfservice_plus_cve_2022_28810 (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2022_28810.rb)

Exploited in the Wild

Reported by:

egalinkin-r7 indicated source as Personally observed in an environment (https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/)

Reported: November 16, 2022 4:55pm UTC (2 years ago)

mkienow-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: March 07, 2023 6:47pm UTC (1 year ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2023/03/07/cisa-adds-three-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:22am UTC (1 week ago)

References

Rapid7

Unknown

CVE-2022-28810

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2022-28810

Description

Add Assessment