Lucene search

[email protected]NVD:CVE-2023-48646

HistoryNov 22, 2023 - 6:15 p.m.

CVE-2023-48646

2023-11-2218:15:09

[email protected]

web.nvd.nist.gov

zoho manageengine recoverymanager

admin users

command execution

proxy settings

cve-2023-48646

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.3%

JSON

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.

Affected configurations

Nvd

Node

zohocorpmanageengine_recoverymanager_plusRange<6.0

zohocorpmanageengine_recoverymanager_plusMatch6.0build6001

zohocorpmanageengine_recoverymanager_plusMatch6.0build6003

zohocorpmanageengine_recoverymanager_plusMatch6.0build6005

zohocorpmanageengine_recoverymanager_plusMatch6.0build6011

zohocorpmanageengine_recoverymanager_plusMatch6.0build6016

zohocorpmanageengine_recoverymanager_plusMatch6.0build6017

zohocorpmanageengine_recoverymanager_plusMatch6.0build6020

zohocorpmanageengine_recoverymanager_plusMatch6.0build6025

zohocorpmanageengine_recoverymanager_plusMatch6.0build6026

zohocorpmanageengine_recoverymanager_plusMatch6.0build6030

zohocorpmanageengine_recoverymanager_plusMatch6.0build6031

zohocorpmanageengine_recoverymanager_plusMatch6.0build6032

zohocorpmanageengine_recoverymanager_plusMatch6.0build6041

zohocorpmanageengine_recoverymanager_plusMatch6.0build6042

zohocorpmanageengine_recoverymanager_plusMatch6.0build6043

zohocorpmanageengine_recoverymanager_plusMatch6.0build6044

zohocorpmanageengine_recoverymanager_plusMatch6.0build6047

zohocorpmanageengine_recoverymanager_plusMatch6.0build6049

zohocorpmanageengine_recoverymanager_plusMatch6.0build6050

zohocorpmanageengine_recoverymanager_plusMatch6.0build6051

zohocorpmanageengine_recoverymanager_plusMatch6.0build6053

zohocorpmanageengine_recoverymanager_plusMatch6.0build6054

zohocorpmanageengine_recoverymanager_plusMatch6.0build6056

zohocorpmanageengine_recoverymanager_plusMatch6.0build6057

zohocorpmanageengine_recoverymanager_plusMatch6.0build6058

zohocorpmanageengine_recoverymanager_plusMatch6.0build6060

zohocorpmanageengine_recoverymanager_plusMatch6.0build6061

zohocorpmanageengine_recoverymanager_plusMatch6.0build6062

VendorProductVersionCPE
zohocorpmanageengine_recoverymanager_plus*cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_recoverymanager_plus	*	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus::::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025::::::
zohocorp	manageengine_recoverymanager_plus	6.0	cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026::::::

Rows per page:

1-10 of 291

References

www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.3%

JSON

Related for NVD:CVE-2023-48646

zdi1 cvelist1 prion1 cve1