Check Point Advisories

Zoho ManageEngine RecoveryManager Plus Remote Code Execution (CVE-2023-48646)

Check Point Reference: CPAI-2023-1533
Date Published: 20 Feb 2024
Severity: High
Last Updated: Tuesday 20 February, 2024
Source:
Industry Reference:CVE-2023-48646
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable? Zoho ManageEngine RecoveryManager Plus prior to 6.0
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6001
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6003
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6005
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6011
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6016
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6017
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6020
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6025
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6026
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6030
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6031
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6032
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6041
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6042
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6043
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6044
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6047
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6049
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6050
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6051
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6053
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6054
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6056
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6057
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6058
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6060
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6061
Zoho ManageEngine RecoveryManager Plus 6.0 Build 6062
Vulnerability Description A remote code execution vulnerability exists in Zoho ManageEngine RecoveryManager Plus. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

Protection Overview

This protection detects attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Zoho ManageEngine RecoveryManager Plus Remote Code Execution (CVE-2023-48646) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Zoho ManageEngine RecoveryManager Plus Remote Code Execution (CVE-2023-48646)

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK