CVE-2024-0252
Published: 11 January 2024
Summary
CVE-2024-0252 is a high-severity Code Injection (CWE-94) vulnerability in Zohocorp Manageengine Adselfservice Plus. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
ManageEngine ADSelfService Plus versions 6401 and below are affected by CVE-2024-0252, a remote code execution vulnerability caused by improper handling in the load balancer component. The flaw is rated 8.8 under CVSS 3.1 and is associated with CWE-94 code injection weaknesses; successful exploitation requires authentication but no user interaction.
An authenticated attacker with network access can leverage the issue to execute arbitrary code, resulting in full compromise of confidentiality, integrity, and availability on the target system. The attack vector is rated as network-reachable with low complexity and low privileges needed.
The vendor advisory published by ManageEngine details the vulnerability and is available at https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html. The EPSS score has climbed from lower values to a peak of 0.4287 with a current score of 0.2915, indicating rising exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-16048
Vulnerability details
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.
Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.
Validates inputs used in dynamic code generation to block injected directives.
Directly prevents execution of attacker-supplied code written into data memory regions.