Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiNguyen Quoc Viet (Petrus Viet) of VNG Security ResearcherZDI-23-1488
HistorySep 29, 2023 - 12:00 a.m.

ManageEngine ADManager Plus installServiceWithCredentials Command Injection Remote Code Execution Vulnerability

2023-09-2900:00:00
Nguyen Quoc Viet (Petrus Viet) of VNG Security Researcher
www.zerodayinitiative.com
9
vulnerability
remote code execution
authentication required
installservicewithcredentials function
lack of validation
user-supplied string
system call
service account

EPSS

0.002

Percentile

55.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the installServiceWithCredentials function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account.

Related

githubexploit 1
nvd 1
cve 1
prion 1
cvelist 1
githubexploit
githubexploit
Exploit for CVE-2023-38743
2023-10-02 02:14:23
nvd
nvd
CVE-2023-38743
2023-09-11 19:15:42
cve
cve
CVE-2023-38743
2023-09-11 19:15:42
prion
prion
Command injection
2023-09-11 19:15:00
cvelist
cvelist
CVE-2023-38743
2023-09-11 00:00:00

EPSS

0.002

Percentile

55.5%

JSON
Related for ZDI-23-1488
githubexploit1nvd1cve1prion1cvelist1