CVE-2023-47211 Exposed: A 9.1 CVSS Threat in ManageEngine OpManager

CVE-2023-47211

Recently, a critical vulnerability was found in ManageEngine OpManager, a prominent network management solution. This vulnerability, designated as CVE-2023-47211, carries a high-severity rating of 9.1 on the Common Vulnerability Scoring System (CVSS) scale.

At the heart of this vulnerability lies a directory traversal flaw within the uploadMib functionality of ManageEngine OpManager version 12.7.258. This exploit allows for arbitrary file creation through a specially crafted HTTP request. An attacker could send a malicious Management Information Base (MiB) file to trigger the vulnerability, potentially leading to unauthorized access or control over network management systems.

CVE-2023-47211

The technical details and a proof-of-concept for this flaw are released by security researcher Marcin ‘Icewall’ Noga of Cisco Talos.

ManageEngine OpManager’s CVE-2023-47211 stretches across a range of products, including:

  • OpManager
  • OpManager Plus
  • OpManager MSP
  • Network Configuration Manager
  • NetFlow Analyzer
  • Firewall Analyzer
  • OpUtils

These products play a crucial role in managing and securing networks by gathering hardware and software information across computer networks. The breadth of this vulnerability underscores the potential risks to network integrity and the importance of rapid response and mitigation strategies.

In the wake of this discovery, a fix has been swiftly deployed. The vulnerability affects builds up to 127259, with build 127260 serving as the beacon of security, patching the exposed weakness.

This issue has now been fixed by implementing path sanitization, ensuring a new MIB is stored exclusively under the “OpManager/mibs” directory,reads the security advisory.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.