CVE-2022-24978 ManageEngine ADAudit Plus allows authenticated privilege escalation on Integrated products.
The most common way of exploiting this issue is to inject a user field into the JSON response using an insecure password. An attacker can do this by creating a new user and setting its password to an insecure value. When a user is created with an insecure password, the JSON response is sent with the user field set. If the user field is sent in the JSON response, then Privilege Escalation occurs. As a result, the Integrated product will display the user that was injected in its list of users. Another way of exploiting this issue is to send the user field in the JSON response using an insecure email format. An attacker can do this by creating a new user and setting its email to an insecure value. When a user is created with an insecure email, the JSON response is sent with the user field set. If the user field is sent in the JSON response, then Privilege Escalation occurs. As a result, the Integrated product will display the user that was injected in its list of users.
How do I know if I’m vulnerable?
It is important to note that, in order for Privilege Escalation to occur, the JSON response must contain a user field set to an insecure value. If the JSON response does not contain a user field set to an insecure value, then Privilege Escalation cannot occur.
How to prevent Privilege Escalation
As a result of these vulnerabilities, Privilege Escalation can occur. To prevent this from happening, ensure that your password field is protected with a strong password.
If you use an email address as the user identifier, then make sure to verify that the email address is not already in use.
Affected Products
This vulnerability affects the following products:
- Integrated
- Integrated Services for Students
- Integrated Services for Students Plus
- Integrated Services for Business
Timeline
Published on: 04/05/2022 19:15:00 UTC
Last modified on: 04/12/2022 17:15:00 UTC