module
ManageEngine Endpoint Central Unauthenticated SAML RCE
| Disclosed | Created |
|---|---|
| 01/10/2023 | 02/09/2023 |
Disclosed
01/10/2023
Created
02/09/2023
Description
This exploits an unauthenticated remote code execution vulnerability
that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10
and below (CVE-2022-47966). Due to a dependency to an outdated library
(Apache Santuario version 1.4.1), it is possible to execute arbitrary
code by providing a crafted `samlResponse` XML to the Endpoint Central
SAML endpoint. Note that the target is only vulnerable if it is
configured with SAML-based SSO , and the service should be active.
that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10
and below (CVE-2022-47966). Due to a dependency to an outdated library
(Apache Santuario version 1.4.1), it is possible to execute arbitrary
code by providing a crafted `samlResponse` XML to the Endpoint Central
SAML endpoint. Note that the target is only vulnerable if it is
configured with SAML-based SSO , and the service should be active.
Authors
Khoa Dinhhorizon3aiChristophe De La Fuenteh00die-gr3y
Platform
Java,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/windows/http/manageengine_endpoint_central_saml_rce_cve_2022_47966
msf /(6) > show actions
...actions...
msf /(6) > set ACTION < action-name >
msf /(6) > show options
...show and set options...
msf /(6) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.