CVE-2018-7890 - Vulnerability Details - OpenCVE

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zohocorp	Manageengine Applications Manager

Configuration 1 [-]

cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103358
https://github.com/rapid7/metasploit-framework/pull/9684
https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/
https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager
https://www.exploit-db.com/exploits/44274/
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-08T22:00:00

Updated: 2024-08-05T06:37:59.625Z

Reserved: 2018-03-08T00:00:00

Link: CVE-2018-7890

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-08T22:29:00.233

Modified: 2024-11-21T04:12:55.917

Link: CVE-2018-7890

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-03-08T00:00:00", "descriptions": [{"lang": "en", "value": "A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-06T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"}, {"name": "44274", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44274/"}, {"name": "103358", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103358"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/rapid7/metasploit-framework/pull/9684"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7890", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/", "refsource": "MISC", "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"}, {"name": "44274", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44274/"}, {"name": "103358", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103358"}, {"name": "https://github.com/rapid7/metasploit-framework/pull/9684", "refsource": "MISC", "url": "https://github.com/rapid7/metasploit-framework/pull/9684"}, {"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html", "refsource": "CONFIRM", "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"}, {"name": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager", "refsource": "CONFIRM", "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.625Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"}, {"name": "44274", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44274/"}, {"name": "103358", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103358"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rapid7/metasploit-framework/pull/9684"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7890", "datePublished": "2018-03-08T22:00:00", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "05534D6B-400B-4F7B-B56D-09B889226431", "versionEndExcluding": "13.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection."}, {"lang": "es", "value": "Se ha descubierto un problema de ejecuci\u00f3n remota de c\u00f3digo en Zoho ManageEngine Applications Manager, en versiones anteriores a la 13.6 (build 13640). El endpoint accesible de forma p\u00fablica testCredential.do toma m\u00faltiples entradas de usuario y valida las credenciales proporcionadas mediante el acceso a un sistema especificado. Este endpoint llama a varias clases internas y, a continuaci\u00f3n, ejecuta un script PowerShell. Si el sistema especificado es OfficeSharePointServer, los par\u00e1metros username y password de este script no se validan, lo que desemboca en una inyecci\u00f3n de comandos."}], "id": "CVE-2018-7890", "lastModified": "2024-11-21T04:12:55.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-08T22:29:00.233", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103358"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/9684"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44274/"}, {"source": "cve@mitre.org", "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103358"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/rapid7/metasploit-framework/pull/9684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://pentest.blog/advisory-manageengine-applications-manager-remote-code-execution-sqli-and/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://pitstop.manageengine.com/portal/community/topic/security-vulnerability-issues-fixed-upgrade-to-the-latest-version-of-applications-manager"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44274/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-7890.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}