{"id":6302,"date":"2018-03-14T03:16:46","date_gmt":"2018-03-14T03:16:46","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=1142"},"modified":"2018-03-14T03:16:46","modified_gmt":"2018-03-14T03:16:46","slug":"rce-vulnerability-in-manageengine","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/rce-vulnerability-in-manageengine\/","title":{"rendered":"Remote Code Execution Vulnerability in ManageEngine Applications Manager 13.5"},"content":{"rendered":"

Recently, researchers discovered a serious remote code execution (RCE) vulnerability (CVE-2018-7890)\u00a0in ManageEngine Applications Manager. Vulnerabilities originate from the publicly accessible testCredential.do endpoint, which can result in remote code execution when validating user-supplied credentials. At present, no official version has been released to fix this vulnerability. <\/span><\/p>\n

Reference links:<\/p>\n

http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-7890<\/a><\/p>\n

https:\/\/www.securityfocus.com\/bid\/103358<\/a><\/p>\n

https:\/\/pentest.blog\/advisory-manageengine-applications-manager-remote-code-execution-sqli-and\/<\/a><\/p>\n

What is ManageEngine Applications Manager? <\/strong><\/h4>\n

ManageEngine Applications Manager provides a solution for monitoring and managing J2EE infrastructure and J2EE applications. It can monitor different parts of the Web servers, databases, application servers and the system where these components are deployed. It provides open standards, like SNMP and JMX, to ensure investment and also facilitate integration. Its management functions cover the most important aspects of management solutions, namely monitoring the underlying structure of the application server, as well as the malfunction and performance of the applications deployed in it. It can also be used to manage custom applications and other servers, including Oracle database servers, email servers, file servers, search engines, and authentication servers.<\/p>\n

As Zoho says, ManageEngine\u00ae Applications Manager helps users monitor Windows servers, Microsoft .NET, Microsoft SQL server databases, Microsoft IIS Web servers, and Microsoft Exchange servers. A large number of reports, charts, alarms, thresholds, and integrated malfunction management are preset to help administrators ensure that applications are always running at optimal performance.<\/p>\n

Vulnerability Description<\/strong> <\/span><\/h3>\n

The testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing given system. This endpoint calls several internal classes and executes PowerShell script. If the given system is OfficeSharePointServer, the username and password sent to the script will be invalid and result in RCE by command injection.<\/p>\n

Applications Manager is not easy to be exploited directly as it is mostly used in the intranet environment. However, the vulnerability has a fixed request address that can help attackers infiltrate into the internal network of the enterprise and further scan and control vulnerable servers.<\/p>\n

 <\/p>\n

Affected Version<\/strong><\/span><\/p>\n