Cyber Resilience

CVE-2023-35785

High

Published: 28 August 2023

Published
28 August 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0028 51.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-35785 is a high-severity Improper Authentication (CWE-287) vulnerability in Zohocorp Manageengine Assetexplorer. Its CVSS base score is 8.1 (High).

Operationally, ranked in the top 48.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and…

more

below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

zohocorp
manageengine ad360
4.3 · ≤ 4.3
zohocorp
manageengine adaudit plus
7.2 · ≤ 7.2
zohocorp
manageengine admanager plus
7.2 · ≤ 7.2
zohocorp
manageengine assetexplorer
6.9, 7.0 · ≤ 6.9
zohocorp
manageengine cloud security plus
4.1 · ≤ 4.1
zohocorp
manageengine datasecurity plus
6.1 · ≤ 6.1
zohocorp
manageengine eventlog analyzer
12.3.0 · ≤ 12.3.0
zohocorp
manageengine exchange reporter plus
5.7 · ≤ 5.7
zohocorp
manageengine log360
5.3 · ≤ 5.3
zohocorp
manageengine log360 ueba
4.0
+7 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-287

Detects unauthorized successful logons resulting from improper authentication implementations.

addresses: CWE-287

Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.

addresses: CWE-287

Security awareness training instructs users on secure authentication practices and avoiding credential compromise.

addresses: CWE-287

Training on authentication mechanisms and best practices decreases the occurrence of improper authentication.

addresses: CWE-287

Non-repudiation requires strong authentication mechanisms to irrefutably attribute performed actions to specific individuals or processes.

addresses: CWE-287

Session content review can reveal authentication bypasses or failures in session establishment.

addresses: CWE-287

Review of authentication-related audit records can detect improper authentication mechanisms or bypasses.

addresses: CWE-287

Assessments check authentication mechanisms for correct implementation and effectiveness, reducing successful authentication bypass attempts.

References