CVE-2023-47211

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
talosCNA
9.1 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
zohocorpmanageengine_firewall_analyzer
𝑥
< 12.7
zohocorpmanageengine_firewall_analyzer
12.7:build127000
zohocorpmanageengine_firewall_analyzer
12.7:build127101
zohocorpmanageengine_firewall_analyzer
12.7:build127130
zohocorpmanageengine_firewall_analyzer
12.7:build127131
zohocorpmanageengine_firewall_analyzer
12.7:build127187
zohocorpmanageengine_firewall_analyzer
12.7:build127244
zohocorpmanageengine_firewall_analyzer
12.7:build127257
zohocorpmanageengine_firewall_analyzer
12.7:build127259
zohocorpmanageengine_netflow_analyzer
𝑥
< 12.7
zohocorpmanageengine_netflow_analyzer
12.7:build127000
zohocorpmanageengine_netflow_analyzer
12.7:build127003
zohocorpmanageengine_netflow_analyzer
12.7:build127101
zohocorpmanageengine_netflow_analyzer
12.7:build127130
zohocorpmanageengine_netflow_analyzer
12.7:build127131
zohocorpmanageengine_netflow_analyzer
12.7:build127187
zohocorpmanageengine_netflow_analyzer
12.7:build127244
zohocorpmanageengine_netflow_analyzer
12.7:build127255
zohocorpmanageengine_netflow_analyzer
12.7:build127257
zohocorpmanageengine_netflow_analyzer
12.7:build127259
zohocorpmanageengine_network_configuration_manager
𝑥
< 12.7
zohocorpmanageengine_network_configuration_manager
12.7:build127000
zohocorpmanageengine_network_configuration_manager
12.7:build127102
zohocorpmanageengine_network_configuration_manager
12.7:build127105
zohocorpmanageengine_network_configuration_manager
12.7:build127132
zohocorpmanageengine_network_configuration_manager
12.7:build127243
zohocorpmanageengine_network_configuration_manager
12.7:build127257
zohocorpmanageengine_network_configuration_manager
12.7:build127259
zohocorpmanageengine_opmanager
𝑥
< 12.7
zohocorpmanageengine_opmanager
12.7:build127000
zohocorpmanageengine_opmanager
12.7:build127001
zohocorpmanageengine_opmanager
12.7:build127002
zohocorpmanageengine_opmanager
12.7:build127003
zohocorpmanageengine_opmanager
12.7:build127004
zohocorpmanageengine_opmanager
12.7:build127100
zohocorpmanageengine_opmanager
12.7:build127101
zohocorpmanageengine_opmanager
12.7:build127102
zohocorpmanageengine_opmanager
12.7:build127103
zohocorpmanageengine_opmanager
12.7:build127104
zohocorpmanageengine_opmanager
12.7:build127109
zohocorpmanageengine_opmanager
12.7:build127116
zohocorpmanageengine_opmanager
12.7:build127117
zohocorpmanageengine_opmanager
12.7:build127118
zohocorpmanageengine_opmanager
12.7:build127119
zohocorpmanageengine_opmanager
12.7:build127120
zohocorpmanageengine_opmanager
12.7:build127122
zohocorpmanageengine_opmanager
12.7:build127123
zohocorpmanageengine_opmanager
12.7:build127131
zohocorpmanageengine_opmanager
12.7:build127133
zohocorpmanageengine_opmanager
12.7:build127134
zohocorpmanageengine_opmanager
12.7:build127136
zohocorpmanageengine_opmanager
12.7:build127138
zohocorpmanageengine_opmanager
12.7:build127140
zohocorpmanageengine_opmanager
12.7:build127141
zohocorpmanageengine_opmanager
12.7:build127185
zohocorpmanageengine_opmanager
12.7:build127186
zohocorpmanageengine_opmanager
12.7:build127187
zohocorpmanageengine_opmanager
12.7:build127188
zohocorpmanageengine_opmanager
12.7:build127189
zohocorpmanageengine_opmanager
12.7:build127191
zohocorpmanageengine_opmanager
12.7:build127240
zohocorpmanageengine_opmanager
12.7:build127241
zohocorpmanageengine_opmanager
12.7:build127242
zohocorpmanageengine_opmanager
12.7:build127243
zohocorpmanageengine_opmanager
12.7:build127255
zohocorpmanageengine_opmanager
12.7:build127256
zohocorpmanageengine_opmanager
12.7:build127257
zohocorpmanageengine_opmanager
12.7:build127258
zohocorpmanageengine_opmanager
12.7:build127259
zohocorpmanageengine_opmanager_msp
𝑥
< 12.7
zohocorpmanageengine_opmanager_msp
12.7:build127109
zohocorpmanageengine_opmanager_msp
12.7:build127122
zohocorpmanageengine_opmanager_msp
12.7:build127123
zohocorpmanageengine_opmanager_msp
12.7:build127138
zohocorpmanageengine_opmanager_msp
12.7:build127139
zohocorpmanageengine_opmanager_msp
12.7:build127140
zohocorpmanageengine_opmanager_msp
12.7:build127141
zohocorpmanageengine_opmanager_msp
12.7:build127142
zohocorpmanageengine_opmanager_msp
12.7:build127259
zohocorpmanageengine_opmanager_plus
𝑥
< 12.7
zohocorpmanageengine_opmanager_plus
12.7:build127109
zohocorpmanageengine_opmanager_plus
12.7:build127122
zohocorpmanageengine_opmanager_plus
12.7:build127123
zohocorpmanageengine_opmanager_plus
12.7:build127138
zohocorpmanageengine_opmanager_plus
12.7:build127139
zohocorpmanageengine_opmanager_plus
12.7:build127140
zohocorpmanageengine_opmanager_plus
12.7:build127141
zohocorpmanageengine_opmanager_plus
12.7:build127142
zohocorpmanageengine_opmanager_plus
12.7:build127259
zohocorpmanageengine_oputils
𝑥
< 12.7
zohocorpmanageengine_oputils
12.7:build127101
zohocorpmanageengine_oputils
12.7:build127117
zohocorpmanageengine_oputils
12.7:build127134
zohocorpmanageengine_oputils
12.7:build127241
zohocorpmanageengine_oputils
12.7:build127242
zohocorpmanageengine_oputils
12.7:build127258
zohocorpmanageengine_oputils
12.7:build127259
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851
https://www.manageengine.com/itom/advisory/cve-2023-47211.html
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851
https://www.manageengine.com/itom/advisory/cve-2023-47211.html
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1851