Lucene search

INCIBEVULNRICHMENT:CVE-2023-4769

HistoryNov 03, 2023 - 10:55 a.m.

CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central

2023-11-0310:55:13

CWE-918

INCIBE

github.com

ssrf

manageengine

desktop central

version 9.1.0

http requests

targeted attacks

cross-port attack

service enumeration

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.004

Percentile

73.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:manageengine:desktop_central:9.1.0:*:*:*:*:*:*:*"
    ],
    "vendor": "manageengine",
    "product": "desktop_central",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.004

Percentile

73.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-4769