CVE-2022-28219: Trivial PoC Exploit Could Lead to Unauthenticated RCE in ManageEngine ADAudit Plus

On Wednesday, 29 June 2022, Horizon3.ai published a proof-of-concept (PoC) exploit that targets CVE-2022-28219, a critical attack chain that includes unauthenticated XML External Entities (XXE), Java deserialization, and path traversal vulnerabilities that could lead to remote code execution (RCE) if successfully chained together. CVE-2022-28219 impacts Zoho’s ManageEngine ADAudit Plus builds prior to 7060.

ManageEngine patched CVE-2022-28219 on 30 March 2022. Since the initial security advisory was published, active exploitation of CVE-2022-28219 has not been observed. Now, Horizon3.ai has published a detailed write-up and a trivial PoC exploit.

Impacted Products

| Product | Affected Builds | Fixed Builds |
| --- | --- | --- |
| ManageEngine ADAudit Plus | All ADAudit Plus builds below 7060 | Build 7060 and above |

Recommendation: Apply the Available Updates from ManageEngine

We recommend upgrading to the latest version of ADAudit Plus, currently build 7063 (released in June 2022) via the appropriate service pack.

ADAudit Plus Service Packs: https://www.manageengine.com/products/active-directory-audit/service-pack.html

Note: Arctic Wolf recommends following change management best practices for testing the workaround in a dev environment before deploying to production systems.

Sule Tatar

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.