![Researchers publish RCE exploit of ADAudit Plus bug Researchers publish RCE exploit of ADAudit Plus bug](https://varindia.com/storage/news/uploads/2018/02/62c2d8f910ac1.jpg)
Security researchers have published technical details and proof-of-concept exploit code for CVE-2022-28219, a critical vulnerability in Zoho ManageEngine ADAudit Plus, a tool for monitoring activity in Active Directory.
The vulnerability allows an unauthenticated attacker to execute code remotely and compromise Active Directory accounts. Zoho addressed the issue at the end of March in ADAudit Plus build 7060 after security researcher Naveen Sunkavally at Horizon3.ai reported it to the company.
The vulnerability consists of three issues: untrusted Java deserialization, path traversal, and a blind XML External Entity (XXE) injection. Together, they ultimately lead to remote code execution without authentication.
After finding a way to execute code remotely, the researcher started to look for methods to upload files without authentication and found that some ADAudit Plus endpoints, used by agents running on the machine to upload security events, did not require authentication. The researcher then found a way to trigger a blind XXE vulnerability in the ProcessTrackingListener class, which is in charge of managing events with Windows scheduled task XML content.
To show the validity of these findings, Horizon3.ai published code that exploits CVE-2022-28219 in ManageEngine ADAudit Plus builds before 7060 to execute the calculator app in Windows.