¡¾·ì϶¹«¸æ¡¿Zoho ManageEngine¶à¸ö²úÆ·Ô¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2022-47966£©

°ä²¼¹¦·ò 2023-01-17

0x00 ·ì϶¸ÅÊö

CVE   ID

CVE-2022-47966

·¢ÏÖ¹¦·ò

2023-01-17

Àà    ÐÍ

RCE

µÈ    ¼¶

ÑϳÁ

Ô¶³ÌÀûÓÃ

ÊÇ

ËùÐèȨÏÞ


¹¥»÷¸´ÔÓ¶È


Óû§½»»¥


PoC/EXP


ÔÚÒ°ÀûÓÃ


 

0x01 ·ì϶ÏêÇé

ManageEngineÊÇ׿ºÀ£¨ZOHO Corporation£©ÆìÏ嵀 ITÖÎÀí½â¾ö¹æ»®£¬Äܹ»½èÖúManageEngine¹¤¾ßÖÎÀíÍøÂç»ù´¡ÉèÊ©¡¢Êý¾ÝÖÐÐÄ¡¢ÒµÎñϵͳ¡¢IT·þÎñ¼°°²È«µÈ¡£

2022Äê10Ô£¬Zoho½¨¸´ÁËManageEngine¶à¸ö²úÆ·ÖеÄÒ»¸öÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2022-47966£©£¬¸Ã·ì϶µÄPoC/EXP¼´½«¹«¿ª°ä²¼¡£

ManageEngine¶à¸ö²úÆ·ÖÐÓÉÓÚʹÓùýÆÚÇÒÒ×Êܹ¥»÷µÄµÚÈý·½ÒÀÀµÏî Apache Santuario£¬ÈôÊÇÆôÓûòÒѾ­ÆôÓà SAML SSO£¬Ôò¿ÉÀûÓø÷ì϶ÔÚδ¾­Éí·ÝÑéÖ¤µÄÇé¿öÏÂÔ¶³ÌÖ´ÐÐËÁÒâ´úÂë¡£

 

Ó°ÏìÁìÓò

ÊÜÓ°Ïì²úÆ·Ãû³Æ

ÊÜÓ°ÏìµÄ°æ±¾

½¨¸´°æ±¾

°ä²¼ÈÕÆÚ

Access Manager Plus*

<= 4307

4308

11/7/2022

Active Directory 360**

<= 4309

4310

28/10/2022

ADAudit Plus**

<= 7080

7081

28/10/2022

ADManager Plus**

<= 7161

7162

28/10/2022

ADSelfService Plus**

<= 6210

6211

28/10/2022

Analytics Plus*

<= 5140

5150

11/7/2022

Application Control Plus*

<=10.1.2220.17

10.1.2220.18

28/10/2022

Asset Explorer**

<= 6982

6983

27/10/2022

Browser Security Plus*

<= 11.1.2238.5

11.1.2238.6

28/10/2022

Device Control Plus*

<= 10.1.2220.17

10.1.2220.18

28/10/2022

Endpoint Central*

<= 10.1.2228.10

10.1.2228.11

28/10/2022

Endpoint Central MSP*

<= 10.1.2228.10

10.1.2228.11

28/10/2022

Endpoint DLP*

<= 10.1.2137.5

10.1.2137.6

28/10/2022

Key Manager Plus*

<= 6400

6401

27/10/2022

OS Deployer*

<= 1.1.2243.0

1.1.2243.1

28/10/2022

PAM 360*

<= 5712

5713

11/7/2022

Password Manager Pro*

<= 12123

12124

11/7/2022

Patch Manager Plus*

<= 10.1.2220.17

10.1.2220.18

28/10/2022

Remote Access Plus*

<= 10.1.2228.10

10.1.2228.11

28/10/2022

Remote Monitoring and Management (RMM)*

<= 10.1.40

10.1.41

29/10/2022

ServiceDesk Plus**

<= 14003

14004

27/10/2022

ServiceDesk Plus MSP**

<= 13000

13001

27/10/2022

SupportCenter Plus**

11017 - 11025

11026

28/10/2022

Vulnerability Manager Plus*

<= 10.1.2220.17

10.1.2220.18

28/10/2022

 

0x02 °²È«½¨Òé

Ä¿Ç°¸Ã·ì϶ÒѾ­½¨¸´£¬ÊÜÓ°ÏìÓû§¿ÉʵʱÉý¼¶µ½ÏàÓ¦½¨¸´°æ±¾¡£

ÏÂÔØÁ´½Ó£º

https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html

×¢£ºµ±Âú×ãÒÔÏÂSAML SSO ±ê¶¨Ê±£¬´Ë·ì϶¿ÉÄܵ¼ÖÂδ¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì´úÂëÖ´ÐУº

l  ÅäÖÃÁË»ùÓÚSAMLµÄSSO²¢ÇÒÄ¿Ç°´¦ÓÚ¼¤»î״̬£»

l  ÔÚ´ÓÇ°ÖÁÉÙÅäÖùýÒ»´Î»ùÓÚ SAML µÄ SSO £¬ÎÞÂÛµ±Ç°»ùÓÚ SAML µÄ SSO ״̬ÈôºÎ¡£

 

0x03 ²Î¿¼Á´½Ó

https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html

https://www.horizon3.ai/manageengine-cve-2022-47966-iocs/

 

0x04 °æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

Åú¸ÄÄÚÈÝ

V1.0

2023-01-17

³õ´Î°ä²¼

  

0x05 ¸½Â¼

GA»Æ½ð¼×¼ò½é

GA»Æ½ð¼×³ÉÁ¢ÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢Õ¼ÓÐÆëÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢°²È«¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢°²È«²úÆ·¡¢°²È«·þÎñ½â¾ö¹æ»®µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°GA»Æ½ð¼×´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊÓ×¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬Õ¼Óи²¸ÇÈ«¹úµÄÏúÊÛϵͳ¡¢Çþ·ϵͳºÍ¼¼ÊõÖ§³Öϵͳ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐÓ×°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬GA»Æ½ð¼×ÖÂÁ¦ÓÚÌṩӵÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´Ðµİ²È«²úÆ·ºÍ×î¼Ñʵ¼Ê·þÎñ£¬Ô®ÊÖ¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄ°²È«ÐԺͳö²úЧÁ¦£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢°²È«²úÒµÁì¾üÆ·Åƶø²»Ð¸ÖÂÁ¦¡£

 

¹ØÓÚGA»Æ½ð¼×

GA»Æ½ð¼×°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄÖØÒªÕë¶Ô³ÁÒª°²È«·ì϶µÄÔ¤¾¯¡¢¸ú×ٺͷÖÏíÈ«Çò×îеÄÍþвµý±¨ºÍ°²È«»ã±¨¡£

¹Ø×¢ÒÔϹ«¼ÒºÅ£¬»ñÈ¡È«Çò×îа²È«×ÊѶ£º

image.png