CVE-2023-48646

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
zohocorpmanageengine_recoverymanager_plus
𝑥
< 6.0
zohocorpmanageengine_recoverymanager_plus
6.0:build6001
zohocorpmanageengine_recoverymanager_plus
6.0:build6003
zohocorpmanageengine_recoverymanager_plus
6.0:build6005
zohocorpmanageengine_recoverymanager_plus
6.0:build6011
zohocorpmanageengine_recoverymanager_plus
6.0:build6016
zohocorpmanageengine_recoverymanager_plus
6.0:build6017
zohocorpmanageengine_recoverymanager_plus
6.0:build6020
zohocorpmanageengine_recoverymanager_plus
6.0:build6025
zohocorpmanageengine_recoverymanager_plus
6.0:build6026
zohocorpmanageengine_recoverymanager_plus
6.0:build6030
zohocorpmanageengine_recoverymanager_plus
6.0:build6031
zohocorpmanageengine_recoverymanager_plus
6.0:build6032
zohocorpmanageengine_recoverymanager_plus
6.0:build6041
zohocorpmanageengine_recoverymanager_plus
6.0:build6042
zohocorpmanageengine_recoverymanager_plus
6.0:build6043
zohocorpmanageengine_recoverymanager_plus
6.0:build6044
zohocorpmanageengine_recoverymanager_plus
6.0:build6047
zohocorpmanageengine_recoverymanager_plus
6.0:build6049
zohocorpmanageengine_recoverymanager_plus
6.0:build6050
zohocorpmanageengine_recoverymanager_plus
6.0:build6051
zohocorpmanageengine_recoverymanager_plus
6.0:build6053
zohocorpmanageengine_recoverymanager_plus
6.0:build6054
zohocorpmanageengine_recoverymanager_plus
6.0:build6056
zohocorpmanageengine_recoverymanager_plus
6.0:build6057
zohocorpmanageengine_recoverymanager_plus
6.0:build6058
zohocorpmanageengine_recoverymanager_plus
6.0:build6060
zohocorpmanageengine_recoverymanager_plus
6.0:build6061
zohocorpmanageengine_recoverymanager_plus
6.0:build6062
𝑥
= Vulnerable software versions
References
https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html
https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html