Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution
Posted by deepcore on February 10, 2023 – 4:18 am
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the Endpoint Central SAML endpoint. Note that the target is only vulnerable if it is configured with SAML-based SSO, and the service should be active.
Post a reply
You must be logged in to post a comment.