module
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
| Disclosed | Created |
|---|---|
| 01/10/2023 | 02/07/2023 |
Disclosed
01/10/2023
Created
02/07/2023
Description
This exploits an unauthenticated remote code execution vulnerability
that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and
below (CVE-2022-47966). Due to a dependency to an outdated library
(Apache Santuario version 1.4.1), it is possible to execute arbitrary
code by providing a crafted `samlResponse` XML to the ServiceDesk Plus
SAML endpoint. Note that the target is only vulnerable if it has been
configured with SAML-based SSO at least once in the past, regardless of
the current SAML-based SSO status.
that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and
below (CVE-2022-47966). Due to a dependency to an outdated library
(Apache Santuario version 1.4.1), it is possible to execute arbitrary
code by providing a crafted `samlResponse` XML to the ServiceDesk Plus
SAML endpoint. Note that the target is only vulnerable if it has been
configured with SAML-based SSO at least once in the past, regardless of
the current SAML-based SSO status.
Authors
Khoa Dinhhorizon3aiChristophe De La Fuente
Platform
Java,Linux,Unix,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/multi/http/manageengine_servicedesk_plus_saml_rce_cve_2022_47966
msf /(6) > show actions
...actions...
msf /(6) > set ACTION < action-name >
msf /(6) > show options
...show and set options...
msf /(6) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.