⚠ Actively exploited

Added to CISA KEV on 2022-09-22. Federal agencies required to patch by 2022-10-13. Required action: Apply updates per vendor instructions..

CVE-2022-35405

CWE-502 — Deserialization of Untrusted Data6 documents6 sources

Severity

9.8CRITICAL

EPSS

94.2%

top 0.08%

CISA KEV

KEV

Added 2022-09-22

Due 2022-10-13

Exploit

Exploited in wild

Active exploitation observed

Affected products

Zohocorp Manageengine Access Manager Plus Zohocorp Manageengine Pam360 Zohocorp Manageengine Password Manager PRO

Timeline

PublishedJul 19

KEV addedSep 22

KEV dueOct 13

CISA Required Action: Apply updates per vendor instructions.

Description

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDzohocorp/manageengine_access_manager_plus< 4.3+1

▶NVDzohocorp/manageengine_password_manager_pro< 12.1+1

▶NVDzohocorp/manageengine_pam360< 5.5+1

Patches

Patch: www.manageengine.com ↗Patch: www.manageengine.com ↗

🔴Vulnerability Details

GHSA

GHSA-j9c5-6p9g-hwf3: Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution↗2022-07-20

▶

CVEList

CVE-2022-35405: Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution↗2022-07-19

▶

VulnCheck

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability↗2022

▶

💥Exploits & PoCs

Nuclei

Zoho ManageEngine - Remote Code Execution

▶

📋Vendor Advisories

CISA

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability↗2022-09-22

▶