ManageEngine AppManager15 (Build No:15510) - DLL Hijacking
9,1
Critical
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
ManageEngine AppManager15 (Build No:15510) - DLL Hijacking
Code name
State
Public
Release date
9 feb 2022
Affected product
ManageEngine
Affected version(s)
AppManager15 (Build No:15510)
Fixed version(s)
AppManager15 (Build No:15520)
Vulnerability name
DLL Hijacking
Vulnerability type
Remotely exploitable
Yes
CVSS v3.1 vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS v3.1 base score
9.1
Exploit available
No
CVE ID(s)
Description
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the working folder through the Upload Files / Binaries functionality.
Proof of Concept
Steps to reproduce
Log in as an admin user.
Go to
Settings.Go to the
Toolssection and click onUpload Files / Binaries.Select the
Upload Script to <Product_Home>/working/option.Create a malicious DLL with one of the following names
Upload the file.
Go to
Shutdown / Restart Serviceand click onRestartWait for the service to restart in order to load the DLL file.
System Information
Version: ManageEngine AppManager15 (Build No:15510).
Operating System: Windows 10.0.19042 N/A Build 19042.
Exploit
There is no exploit for the vulnerability but can be manually exploited.
Mitigation
An updated version of ManageEngine is available at the vendor page.
References
Timeline
IA generativa
3 feb 2022
Vendor Confirmed Vuln.
8 feb 2022
Vulnerability patched
19 feb 2022
Vendor contacted
3 feb 2022
Vendor replied
4 feb 2022
Public disclosure
20 may 2022
