CVE-2018-7890 : What You Need to Know

CVE-2018-7890 affects Zoho ManageEngine Applications Manager version 13.6 (build 13640) and allows remote code execution. This page covers the impact, the technical details, and the mitigation and prevention steps.

Zoho ManageEngine Applications Manager version 13.6 (build 13640) has a security vulnerability that allows remote code execution through the testCredential.do endpoint.

Understanding CVE-2018-7890

This CVE involves a vulnerability in Zoho ManageEngine Applications Manager that could lead to remote code execution.

What is CVE-2018-7890?

A security flaw in Zoho ManageEngine Applications Manager version 13.6 (build 13640) allows attackers to execute code remotely via the testCredential.do endpoint.

The Impact of CVE-2018-7890

Because user credentials are not properly validated, the endpoint is open to Command Injection, which can result in remote code execution.

Technical Details of CVE-2018-7890

Zoho ManageEngine Applications Manager version 13.6 (build 13640) is affected by a critical security issue.

Vulnerability Description

The vulnerability lies in the testCredential.do endpoint, which does not properly validate the supplied user credentials when interacting with OfficeSharePointServer. This enables Command Injection.

Affected Systems and Versions

        Product: Zoho ManageEngine Applications Manager
        Version: 13.6 (build 13640)

Exploitation Mechanism

        Attackers can exploit the vulnerability by manipulating the username and password parameters that are used within the PowerShell script, which allows unauthorized code execution.

Mitigation and Prevention

Protect your systems from CVE-2018-7890 by following these steps:

Immediate Steps to Take

        Apply security updates provided by Zoho ManageEngine.
        Monitor system logs for any suspicious activities.
        Restrict access to vulnerable endpoints.
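
One way to act on the log-monitoring and access-restriction steps above, as an added example that is not part of the original advisory or of Zoho's tooling: it scans web access-log lines for requests to testCredential.do and reports those arriving from outside an allowlisted management network. The Common Log Format layout, the allowlist CIDR and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: access log in Common/Combined Log Format; adapt the pattern to your deployment.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
ENDPOINT = "testcredential.do"  # endpoint named in the advisory, matched case-insensitively

def find_hits(lines, allowed_cidrs):
    """Return requests to the endpoint whose source is outside the allowed networks."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string and any ;jsessionid path parameter, decode %-escapes.
        path = unquote(m["target"].split("?", 1)[0]).split(";", 1)[0]
        if path.rsplit("/", 1)[-1].lower() != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
            trusted = any(src in net for net in allowed)
        except ValueError:
            trusted = False  # hostname or malformed source: treat as untrusted
        if not trusted:
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

def summarize(hits):
    """Count flagged requests per source address."""
    return Counter(h["ip"] for h in hits)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '10.0.5.12 - - [12/Mar/2018:09:14:02 +0000] "POST /testCredential.do HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2018:09:15:40 +0000] "POST /testCredential.do HTTP/1.1" 200 498',
    '203.0.113.7 - - [12/Mar/2018:09:15:44 +0000] "POST /TestCredential.do;jsessionid=ABC HTTP/1.1" 200 498',
    '198.51.100.23 - - [12/Mar/2018:09:16:01 +0000] "GET /index.do HTTP/1.1" 200 1044',
]

if __name__ == "__main__":
    for ip, count in summarize(find_hits(SAMPLE, ["10.0.5.0/24"])).items():
        print(f"{ip}: {count} request(s) to {ENDPOINT} from outside the allowlist")
```

Any source the script reports is a candidate for a firewall or reverse-proxy rule that limits the endpoint to the management network until the update is applied.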

Long-Term Security Practices

        Conduct regular security audits and penetration testing.
        Educate users on secure password practices.

Patching and Updates

        Ensure that Zoho ManageEngine Applications Manager is updated to the latest secure version.
