CVE-2022-47966 Report - Details, Severity, & Advisories

Twingate Team

Jan 4, 2024

CVE-2022-47966 allows remote code execution because the affected products use an outdated Apache xmlsec library (version 1.4.1). Systems running vulnerable versions of Zoho ManageEngine products are at risk, and exploitation is possible if SAML SSO has ever been configured for a product. Users should update their systems to protect against this vulnerability.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, check if you've ever configured SAML SSO for any of the affected Zoho ManageEngine products, such as ServiceDesk Plus, Active Directory 360, ADAudit Plus, and many others. The vulnerability impacts specific versions of these products, so it's essential to verify if your product version is among the affected ones. For example, ServiceDesk Plus versions 14003 and below, Active Directory 360 versions 4309 and below, and ADAudit Plus versions 7080 and below are affected.
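As an added example (not part of the original report and not vendor code), the check described above can be run across an asset inventory. The CSV layout, host names, placeholder product and verdict labels are assumptions; the build thresholds are only the three quoted in this section.

```python
import csv
import io
import re

# Highest affected build per product, taken only from the examples in this report.
# Other ManageEngine products are affected as well; their thresholds are not
# listed here and must come from the vendor advisory.
MAX_AFFECTED_BUILD = {
    "servicedesk plus": 14003,
    "active directory 360": 4309,
    "adaudit plus": 7080,
}

# Constructed inventory: hosts, column names and the last product are placeholders.
SAMPLE_INVENTORY = """host,product,build,saml_ever_configured
sdp01,ServiceDesk Plus,14003,yes
sdp02,ServiceDesk Plus,14004,yes
ad01,Active Directory 360,4300,no
aud01,ADAudit Plus,7.0.80,yes
misc01,Some Other Product,125000,yes
"""

def triage(row):
    """Classify one inventory row for CVE-2022-47966."""
    limit = MAX_AFFECTED_BUILD.get(row["product"].strip().lower())
    if limit is None:
        return "check-vendor-advisory"    # product not covered by the table above
    build = row["build"].strip()
    if not re.fullmatch(r"[0-9]+", build):
        return "verify-build-manually"    # never guess at a malformed build number
    if int(build) > limit:
        return "not-affected"
    # Affected build: exploitable if SAML SSO was EVER configured, even if it is
    # disabled today, so a blank or unknown answer is treated as "yes".
    if (row.get("saml_ever_configured") or "").strip().lower() == "no":
        return "affected-update"          # vulnerable build present, update anyway
    return "exploitable-update-now"

def triage_inventory(text):
    """Map each host in a CSV inventory to its verdict."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:7} {verdict}")
```

The SAML column should record whether SSO was ever set up on the instance, not whether it is enabled now.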

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your Zoho ManageEngine product to the latest version. Follow these steps: 1) Check if your product is among the affected ones, 2) Visit the vendor's website for update instructions, 3) Apply the update as directed, and 4) Ensure SAML SSO is configured securely. By updating your system, you'll protect it from potential exploitation.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, it is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, named Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability, was added on January 23, 2023, with a due date of February 13, 2023. This issue allows remote code execution due to an outdated library. Exploitation is only possible if SAML SSO has ever been configured for a product. To protect against this vulnerability, it's crucial to update affected systems and ensure secure SAML SSO configurations.

Weakness enumeration

The weakness enumeration for this vulnerability is "Insufficient Information", indicating a lack of specific details about the vulnerability and its mitigation. This issue allows remote code execution in multiple Zoho ManageEngine products due to an outdated library. Exploitation is possible if SAML SSO has been configured for a product.

For more details

CVE-2022-47966 is a critical vulnerability affecting multiple Zoho ManageEngine products, allowing remote code execution due to an outdated library. To gain a deeper understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, you can refer to the detailed analysis on the NVD page or the links below.
