CVE-2023-47211

Опубликовано: 08 янв. 2024

Источник: nvd

CVSS3: 9.1

CVSS3: 8.6

EPSS Высокий

Описание

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851
Exploit
Third Party Advisory
https://www.manageengine.com/itom/advisory/cve-2023-47211.html
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851
Exploit
Third Party Advisory
https://www.manageengine.com/itom/advisory/cve-2023-47211.html
Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1851

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*

Версия до 12.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127244:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127257:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127259:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*

Версия до 12.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127003:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127130:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127131:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127187:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127244:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127255:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127257:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127259:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*

Версия до 12.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127105:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127132:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127243:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127257:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127259:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*

Версия до 12.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127001:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127002:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127003:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127004:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127103:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127104:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127109:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127116:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127117:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127118:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127119:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127120:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127122:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127123:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127131:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127133:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127134:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127136:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127138:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127140:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127141:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127185:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127186:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127187:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127188:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127189:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127191:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127240:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127241:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127242:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127243:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127255:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127256:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127257:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127258:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127259:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*

Версия до 12.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127109:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127122:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127123:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127138:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127139:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127140:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127141:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127142:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.7:build127259:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*

Версия до 12.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127109:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127122:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127123:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127138:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127139:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127140:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127141:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127142:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.7:build127259:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*

Версия до 12.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127117:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127134:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127241:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127242:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127258:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127259:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.823

Высокий

9.1 Critical

CVSS3

8.6 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-85h3-wq5q-6x6j

CVSS3: 9.1

github

около 2 лет назад

BDU:2024-01516

CVSS3: 9.1

fstec

около 2 лет назад

Уязвимость функции uploadMib программного обеспечения для мониторинга сети OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils и анализатора сетевого трафика NetFlow Analyzer, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 99%

0.823

Высокий

9.1 Critical

CVSS3

8.6 High

CVSS3

Дефекты

CWE-22