Thursday, November 16, 2023

ManageEngine Information Disclosure Flaw Exposes Keys


ManageEngine, one of the most widely used IT infrastructure management platforms, offering more than 60 enterprise IT management tools, has been found to contain an information disclosure vulnerability tracked as CVE-2023-6105.

This vulnerability affects several ManageEngine products, including ADManager, ADSelfService, M365 Manager, Endpoint Central, Service Desk, Access Manager, and many others. It has been assigned a severity score of 5.5 (Medium).

CVE-2023-6105: ManageEngine Information Disclosure

This information disclosure vulnerability exposes encryption keys and exists in several ManageEngine products.

A low-privileged OS user with access to the host of an affected product can view and use the exposed key to decrypt the product database passwords, gaining access to the ManageEngine product database.

Specifically, the encryption key is stored in the "CryptTag" configuration entry in <PRODUCT_INSTALLATION_DIR>\conf\customer-config.xml, and the usernames and passwords for the ManageEngine product database can be found in <PRODUCT_INSTALLATION_DIR>\conf\database_params.conf.

Taken together, the encryption key from the XML file and the credentials from the .conf file allow the database password to be decrypted. An attacker with access to the product database can run OS commands with SYSTEM privileges or with the privileges of an administrative account.

In addition, the threat actor can reset the password of an administrative user and view file contents that hold sensitive information. A has been published, which provides detailed information about the Python script used for decrypting the password and its output.

A complete report and proof of concept for this vulnerability have been published by Tenable, providing detailed information about the vulnerability and its patches.
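The practical exposure described above comes down to one question: which local accounts can read the two files that hold the CryptTag key and the database credentials. The following script is an added example (it is not from the article, from Tenable, or from ManageEngine) that audits exactly that. The file locations under the installation directory follow the advisory text; the installation directory, the set of "broad" Windows principals, and the icacls parsing rules are this example's own assumptions, as is the constructed sample icacls output used to exercise the parser offline.

```python
"""Audit read access on the ManageEngine config files named in the advisory.

Added example, not code from the article, Tenable, or ManageEngine. The relative
paths follow the advisory; the install directory, the list of broad principals
and the icacls parsing rules are assumptions made for this example.
"""
import os
import platform
import re
import stat
import subprocess
import sys
from pathlib import Path

# Files named in the advisory, relative to <PRODUCT_INSTALLATION_DIR>.
SENSITIVE_FILES = ("conf/customer-config.xml", "conf/database_params.conf")

# Windows principals whose read access means any local account can read the key.
# Illustrative set (assumption); extend it to match your environment.
BROAD_PRINCIPALS = {"everyone", "users", "authenticated users", "interactive"}

# icacls right tokens that include the ability to read file contents.
READ_TOKENS = {"F", "M", "RX", "R", "GR", "RD"}
RIGHTS_RE = re.compile(r"((?:\([A-Za-z,]*\))+)\s*$")

# Constructed sample of `icacls <file>` output (not captured from a real host).
SAMPLE_ICACLS_PATH = "C:\\ME\\conf\\customer-config.xml"
SAMPLE_ICACLS_OUTPUT = (
    "C:\\ME\\conf\\customer-config.xml NT AUTHORITY\\SYSTEM:(I)(F)\n"
    "                                 BUILTIN\\Administrators:(I)(F)\n"
    "                                 BUILTIN\\Users:(I)(RX)\n"
    "                                 Everyone:(DENY)(R)\n"
    "\n"
    "Successfully processed 1 files; Failed processing 0 files\n"
)


def mode_readable_by_others(mode: int) -> bool:
    """True when the group or world read bit is set in a POSIX mode."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def posix_readable_by_others(path: str) -> bool:
    """Stat the file and apply mode_readable_by_others."""
    return mode_readable_by_others(os.stat(path).st_mode)


def icacls_broad_readers(output: str, path: str) -> list:
    """Return the broad principals granted read access in `icacls <path>` output.

    icacls prints the file path before the first ACE, then one ACE per line as
    PRINCIPAL:(flags)(rights). Deny ACEs carry a (DENY) token and are skipped.
    """
    readers = []
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(path):
            line = line[len(path):].strip()
        match = RIGHTS_RE.search(line)
        if not match:
            continue
        principal = line[: match.start()].rstrip(":").strip()
        short = principal.split("\\")[-1].lower()
        groups = re.findall(r"\(([^)]*)\)", match.group(1))
        tokens = {t for grp in groups for t in grp.split(",")}
        if "DENY" in tokens or short not in BROAD_PRINCIPALS:
            continue
        if tokens & READ_TOKENS:
            readers.append(principal)
    return readers


def audit(install_dir: str) -> dict:
    """Map each sensitive file that exists to the over-broad readers found on it."""
    findings = {}
    for rel in SENSITIVE_FILES:
        target = Path(install_dir) / rel
        if not target.is_file():
            continue
        if platform.system() == "Windows":
            proc = subprocess.run(["icacls", str(target)], capture_output=True,
                                  text=True, check=False)
            who = icacls_broad_readers(proc.stdout, str(target))
        else:
            who = ["group/other"] if posix_readable_by_others(str(target)) else []
        if who:
            findings[str(target)] = who
    return findings


if __name__ == "__main__":
    install = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, who in audit(install).items():
        print(f"{path}: readable by {', '.join(who)}")
```

Run it with the product installation directory as the only argument; anything it prints is a file that accounts other than the service account and administrators can read, which is the condition the advisory relies on. On the sample output, only BUILTIN\Users is reported: SYSTEM and Administrators are expected readers, and the Everyone entry is a deny ACE.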

Affected Products

  • Service Desk Plus prior to version 14304
  • Asset Explorer prior to version 7004
  • Service Desk Plus MSP prior to version 14305
  • Support Center Plus prior to version 14304
  • Access Manager Plus prior to version 4310
  • PAM 360 prior to version 5700
  • Password Manager Pro prior to version 12300
  • OpManager prior to version 125632 on Windows and version 127243 on Linux
  • Firewall Analyser prior to version 125632 on Windows and version 127243 on Linux
  • Netflow Analyser prior to version 125632 on Windows and version 127243 on Linux
  • Network Configuration Manager prior to version 125632 on Windows and version 127243 on Linux
  • OpUtils prior to version 125632 on Windows and version 127243 on Linux
  • Creator On-Premise prior to version 2.0.0
  • Analytics Plus On-Premise prior to version 5300
  • ADSelfService Plus prior to version 6304
  • ADManager Plus prior to version 7210
  • ADAudit Plus prior to version 7251
  • Cloud Security Plus prior to version 4170
  • Data Security Plus prior to version 6126
  • Exchange Reporter Plus prior to version 5713
  • M365 Manager Plus prior to version 4539
  • M365 Security Plus prior to version 4539
  • SharePoint Manager Plus prior to version 4405
  • Recovery Manager Plus prior to version 6074
  • Log360 UEBA prior to version 4050
  • Endpoint Central prior to version 11.2.2322.01
  • Endpoint Central MSP prior to version 11.2.2322.01
  • Remote Monitoring and Management prior to version 10.2.11
  • Mobile Device Management prior to version 10.1.2204.2
  • Remote Access Plus prior to version 11.2.2328.01
  • OS Deployer prior to version 1.2.2331.1
  • Browser Security Plus prior to version 11.2.2328.01
  • Patch Manager Plus prior to version 11.2.2328.01
  • Vulnerability Manager Plus prior to version 11.2.2328.01
  • Application Control Plus prior to version 11.2.2328.01
  • Patch Connect Plus prior to version 90124
  • Device Control Plus prior to version 11.2.2328.01
  • Endpoint DLP Solution prior to version 11.2.2328.01
  • Secure Gateway Server prior to version 90091

Users of these ManageEngine products are advised to apply the vendor-specific patches to affected installations to prevent this vulnerability from being exploited.
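Because the fixed builds in the list above mix plain build numbers (14304), dotted versions (11.2.2322.01), and OS-dependent thresholds (OpManager on Windows versus Linux), checking an inventory by eye is error-prone. The script below is an added example, not from the article or from ManageEngine, that compares installed builds against the fixed versions. It carries only a subset of the products from the list; the product-name keys, the hostnames, and the builds in the sample inventory are this example's own constructed values.

```python
"""Check installed ManageEngine builds against the fixed versions listed above.

Added example, not from the article or ManageEngine. FIXED_BUILDS holds a subset
of the advisory list; the (product, platform) keys and the sample inventory are
constructed for this example.
"""
import re

# (product, platform) -> first fixed build. "any" means the fix does not depend on OS.
FIXED_BUILDS = {
    ("Service Desk Plus", "any"): "14304",
    ("Asset Explorer", "any"): "7004",
    ("PAM 360", "any"): "5700",
    ("Password Manager Pro", "any"): "12300",
    ("OpManager", "windows"): "125632",
    ("OpManager", "linux"): "127243",
    ("Creator On-Premise", "any"): "2.0.0",
    ("ADSelfService Plus", "any"): "6304",
    ("Endpoint Central", "any"): "11.2.2322.01",
    ("Patch Manager Plus", "any"): "11.2.2328.01",
}


def parse_build(text: str) -> tuple:
    """Turn '11.2.2322.01' or '14304' into a tuple of ints ('01' becomes 1)."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric build in {text!r}")
    return tuple(int(p) for p in parts)


def build_is_before(installed: str, fixed: str) -> bool:
    """True when installed < fixed; shorter tuples are zero-padded so 2.0 equals 2.0.0."""
    a, b = parse_build(installed), parse_build(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def is_affected(product: str, installed: str, platform: str = "any") -> bool:
    """Resolve the fixed build for (product, platform), falling back to the OS-independent entry."""
    for key in ((product, platform.lower()), (product, "any")):
        if key in FIXED_BUILDS:
            return build_is_before(installed, FIXED_BUILDS[key])
    raise KeyError(f"no fixed build recorded for {product} on {platform}")


def triage(inventory: list) -> list:
    """Return the inventory entries (dicts with product, build, optional platform) still below the fix."""
    return [e for e in inventory
            if is_affected(e["product"], e["build"], e.get("platform", "any"))]


# Constructed sample inventory; hostnames and builds are made up for the example.
SAMPLE_INVENTORY = [
    {"host": "itsm-01", "product": "Service Desk Plus", "build": "14300"},
    {"host": "nms-01", "product": "OpManager", "build": "126000", "platform": "windows"},
    {"host": "nms-02", "product": "OpManager", "build": "126000", "platform": "linux"},
    {"host": "uem-01", "product": "Endpoint Central", "build": "11.2.2322.01"},
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_INVENTORY):
        print(f"{entry['host']}: {entry['product']} {entry['build']} is below the fixed build")
```

Note the OpManager case in the sample: build 126000 is already fixed on Windows (threshold 125632) but still affected on Linux (threshold 127243), so the platform must be recorded alongside the build when inventorying these products.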
