CVE-2022-38772
Published: 29 August 2022
Summary
CVE-2022-38772 is a high-severity vulnerability of unspecified weakness type in Zohocorp ManageEngine OpManager. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 2.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils versions prior to 125658, 126003, 126105, and 126120 contain a vulnerability that permits authenticated users to alter database entries, resulting in remote code execution through the NMAP feature. The issue carries a CVSS 3.1 score of 8.8 and affects multiple ManageEngine IT operations management products that share the same underlying code base.
An attacker with valid low-privileged credentials can exploit the flaw over the network without user interaction to modify database records and trigger arbitrary code execution, achieving full compromise of confidentiality, integrity, and availability on the affected server.
Vendor advisories published at manageengine.com and https://www.manageengine.com/itom/advisory/cve-2022-38772.html direct customers to apply the listed fixed builds to eliminate the database modification path that leads to NMAP-based code execution.
The associated EPSS score has remained flat at its peak value of 0.3914 since disclosure, indicating no material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-41335
Vulnerability details
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.