CVE-2022-47966

unknown KEV

Published 2023-01-23 · Modified 2023-01-23

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

2.5

Description

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.

CISA KEV

Vendor: Zoho
Product: ManageEngine
Due date: 2023-02-13

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Metasploit modules

exploit_windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966 rank 600

ManageEngine Endpoint Central Unauthenticated SAML RCE

Source fetch failed: fetch_error — view the original via the link above.

exploit_multi/http/manageengine_servicedesk_plus_saml_rce_cve_2022_47966 rank 600

ManageEngine ServiceDesk Plus Unauthenticated SAML RCE

Source code queued for fetch — refresh in a moment.

exploit_multi/http/manageengine_adselfservice_plus_saml_rce_cve_2022_47966 rank 600

ManageEngine ADSelfService Plus Unauthenticated SAML RCE

Source fetch failed: fetch_error — view the original via the link above.

References

https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html; https://nvd.nist.gov/vuln/detail/CVE-2022-47966

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.