1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2022-28810 Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2022-28810 is a vulnerability that exists when custom password sync scripts are enabled when an adversary passes commands in the password field that can lead to remote code execution.
References
  1. https://www.greynoise.io/tagsmas/dec-13
  2. https://www.rapid7.com/blog/post/2022/04/14/cve-2022-28810-manageengine-adselfservice-plus-authenticated-command-execution-fixed/