Issued: Sunday, 3 July, 2022
Last Revision: Thursday, 7 July, 2022
Vendor:
Product:
Threat Actor:
Severity Level:
Summary:
A remote code execution (RCE) vulnerability has been discovered in ManageEngine ADAudit Plus. ADAudit Plus is a Windows auditing, security and compliance solution from Zoho, used by large enterprises for change monitoring, real-time risk alerting and compliance reporting in the Active Directory (AD) environment.
Due to a serious flaw identified as CVE-2022-28219, attackers are able to access domain administrator accounts and steal confidential information. The vulnerability results from underlying Java deserialization, blind XXE injection, and path traversal flaws.
A proof-of-concept exploit is available on GitHub. The bug's characteristics and potential consequences make it a topic of great interest for ransomware operators and initial access brokers.
Vulnerability Details:
| CVE/Vulnerability | Description | CVSS 3.0 Score |
| CVE-2022-28219 | Remote Code Execution vulnerability | 9.8 |
Affected Products:
| CVE/Vulnerability | Affected Product(s) |
| CVE-2022-28219 | All ADAudit Plus builds below 7060 |
Recommendation:
Organizations using ADAudit Plus are requested to upgrade their instances to build 7060 or the latest build in order to prevent attacks against their infrastructure.
