CVE-2022-23050
Published: 24 May 2022
Summary
CVE-2022-23050 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Zohocorp Manageengine Applications Manager. Its CVSS base score is 7.2 (High).
Operationally, ranked in the top 3.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
ManageEngine AppManager15 (Build No:15510) contains a DLL hijacking vulnerability tracked as CVE-2022-23050 and assigned CWE-427. An authenticated administrator can use the product's "Upload Files / Binaries" feature to place an arbitrary DLL inside the application's "working" folder, after which the process loads the attacker-controlled library because of an uncontrolled search path element.
An attacker who already possesses administrative credentials can therefore upload a malicious DLL over the network and obtain arbitrary code execution with the privileges of the AppManager service, resulting in full compromise of confidentiality, integrity, and availability. The CVSS 3.1 score of 7.2 reflects the need for high privileges while confirming that no user interaction or additional attack complexity is required once those credentials are obtained.
ManageEngine published a security advisory and corresponding patch that addresses the issue for AppManager15; the Fluid Attacks advisory provides technical reproduction steps and confirms the same vector. The EPSS score has remained flat at 0.2737 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28160
Vulnerability details
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.