Talos Vulnerability Report TALOS-2023-1851 ManageEngine OpManager uploadMib directory traversal vulnerability January 8, 2024 CVE Number CVE-2023-47211 SUMMARY A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. CONFIRMED VULNERABLE VERSIONS The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor. ManageEngine OpManager 12.7.258 PRODUCT URLS OpManager – https://www.manageengine.com/network-monitoring/ CVSSv3 SCORE 9.1 – CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L CWE CWE-22 – Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) DETAILS OpManager is a network management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes. An exploitable directory traversal vulnerability exists in relation to MiB file upload action. Specifically, when navigating to Settings -> Tools -> MiB Browser and selecting Upload MiB, the following API call is performed: POST /client/api/json/mibbrowser/uploadMib HTTP/1.1 Host: desktop-q1n26jm:8060 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0 Accept: */* Accept-Language: pl,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip,…Read More