Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-29084

CWE-77 — Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

93.9%

top 0.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zohocorp Manageengine Admanager Plus

Timeline

PublishedApr 13

Description

Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_admanager_plus< 7.1+1

🔴Vulnerability Details

GHSA

GHSA-q6fm-vxc6-q2wj: Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings↗2023-04-13

▶

CVEList

CVE-2023-29084: Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings↗2023-04-13

▶

💥Exploits & PoCs

Nuclei

ManageEngine ADManager Plus - Command Injection

▶