Lucene search
HistoryNov 23, 2022 - 3:15 a.m.
CVE-2022-40770
cve-2022-40770
zoho manageengine
servicedesk plus
authenticated command injection
high-privileged users
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
57.3%
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Affected configurations
Node
zohocorpmanageengine_servicedesk_plusRange<13.0
ORzohocorpmanageengine_servicedesk_plusMatch13.013000
ORzohocorpmanageengine_servicedesk_plusMatch13.013001
ORzohocorpmanageengine_servicedesk_plusMatch13.013002
ORzohocorpmanageengine_servicedesk_plusMatch13.013003
ORzohocorpmanageengine_servicedesk_plusMatch13.013004
ORzohocorpmanageengine_servicedesk_plusMatch13.013005
ORzohocorpmanageengine_servicedesk_plusMatch13.013006
ORzohocorpmanageengine_servicedesk_plusMatch13.013007
ORzohocorpmanageengine_servicedesk_plusMatch13.013008
ORzohocorpmanageengine_servicedesk_plusMatch13.013009
ORzohocorpmanageengine_servicedesk_plusMatch13.013010
Node
zohocorpmanageengine_servicedesk_plus_mspRange<10.6
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.6-
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610600
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610601
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610602
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610603
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610604
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610605
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610606
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610607
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610608
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610609
ORzohocorpmanageengine_servicedesk_plus_mspMatch10.610610
Node
zohocorpmanageengine_supportcenter_plusRange<11.0
ORzohocorpmanageengine_supportcenter_plusMatch11.011000
ORzohocorpmanageengine_supportcenter_plusMatch11.011001
ORzohocorpmanageengine_supportcenter_plusMatch11.011002
ORzohocorpmanageengine_supportcenter_plusMatch11.011003
ORzohocorpmanageengine_supportcenter_plusMatch11.011004
ORzohocorpmanageengine_supportcenter_plusMatch11.011005
ORzohocorpmanageengine_supportcenter_plusMatch11.011006
ORzohocorpmanageengine_supportcenter_plusMatch11.011007
ORzohocorpmanageengine_supportcenter_plusMatch11.011008
ORzohocorpmanageengine_supportcenter_plusMatch11.011009
ORzohocorpmanageengine_supportcenter_plusMatch11.011010
ORzohocorpmanageengine_supportcenter_plusMatch11.011011
ORzohocorpmanageengine_supportcenter_plusMatch11.011012
ORzohocorpmanageengine_supportcenter_plusMatch11.011013
ORzohocorpmanageengine_supportcenter_plusMatch11.011014
ORzohocorpmanageengine_supportcenter_plusMatch11.011015
ORzohocorpmanageengine_supportcenter_plusMatch11.011016
ORzohocorpmanageengine_supportcenter_plusMatch11.011017
ORzohocorpmanageengine_supportcenter_plusMatch11.011018
ORzohocorpmanageengine_supportcenter_plusMatch11.011019
ORzohocorpmanageengine_supportcenter_plusMatch11.011020
ORzohocorpmanageengine_supportcenter_plusMatch11.011021
ORzohocorpmanageengine_supportcenter_plusMatch11.011022
ORzohocorpmanageengine_supportcenter_plusMatch11.011024
ORzohocorpmanageengine_supportcenter_plusMatch11.011025
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008:*:*:*:*:*:* |
Related
zdi
zdi
prion
prion
Command injection
2022-11-23 03:15:00
cvelist
cvelist
CVE-2022-40770
2022-11-23 00:00:00
nessus
nessus
ManageEngine ServiceDesk Plus < 13.0 Build 13011 RCE
2022-12-02 00:00:00
ManageEngine ServiceDesk Plus MSP < 13.0 Build 13000 RCE
2022-12-02 00:00:00
ManageEngine SupportCenter Plus < 11.0 Build 11026 Multiple Vulnerabilities
2022-12-02 00:00:00
cve
cve
CVE-2022-40770
2022-11-23 03:15:10
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
57.3%
Related for NVD:CVE-2022-40770