Rewterz Threat Advisory – CVE-2023-41990 – Apple iOS and iPadOS Vulnerability Exploit in the Wild
January 9, 2024Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
January 9, 2024Rewterz Threat Advisory – CVE-2023-41990 – Apple iOS and iPadOS Vulnerability Exploit in the Wild
January 9, 2024Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
January 9, 2024Severity
High
Analysis Summary
CVE-2023-47211
ManageEngine OpManager could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests by the uploadMib functionality. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to create arbitrary files on the system.
Impact
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-47211
Affected Vendors
Zoho
Affected Products
- Zoho ManageEngine OpManager 127259
- Zoho ManageEngine OpManager Plus 127259
- Zoho ManageEngine OpManager MSP 127259
- Zoho ManageEngine Network Configuration Manager 127259
- Zoho ManageEngine NetFlow Analyzer 127259
- Zoho ManageEngine Firewall Analyzer 127259
- Zoho ManageEngine OpUtils 127259
Remediation
Refer to Zoho ManageEngine Website for patch, upgrade or suggested workaround information.