Vulnerability Description
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Firewall Analyzer | < 12.7 |
| Zohocorp | Manageengine Netflow Analyzer | < 12.7 |
| Zohocorp | Manageengine Network Configuration Manager | < 12.7 |
| Zohocorp | Manageengine Opmanager | < 12.7 |
| Zohocorp | Manageengine Opmanager Msp | < 12.7 |
| Zohocorp | Manageengine Opmanager Plus | < 12.7 |
| Zohocorp | Manageengine Oputils | < 12.7 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851ExploitThird Party Advisory
- https://www.manageengine.com/itom/advisory/cve-2023-47211.htmlVendor Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851ExploitThird Party Advisory
- https://www.manageengine.com/itom/advisory/cve-2023-47211.htmlVendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1851
FAQ
What is CVE-2023-47211?
CVE-2023-47211 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send...
How severe is CVE-2023-47211?
CVE-2023-47211 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-47211?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Firewall Analyzer, Zohocorp Manageengine Netflow Analyzer, Zohocorp Manageengine Network Configuration Manager, Zohocorp Manageengine Opmanager, Zohocorp Manageengine Opmanager Msp.