
CVE-2022-35403 : Security Advisory and Response

Learn about CVE-2022-35403 affecting Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus, allowing unauthorized access to local files.

Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus are affected by an unauthenticated local file disclosure vulnerability. Asset Explorer is affected as well, but only by an authenticated user.

Understanding CVE-2022-35403

This CVE covers a vulnerability in several Zoho ManageEngine products that allows local files on the server to be read through the ticket-creation-by-email path.

What is CVE-2022-35403?

The vulnerability in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus lets an attacker disclose local files without authenticating, specifically through the email used to create tickets. Asset Explorer is also affected, though exploitation there requires authentication.

The Impact of CVE-2022-35403

This vulnerability could lead to unauthorized disclosure of sensitive information stored locally on the affected systems, potentially exposing critical data to malicious actors.

Technical Details of CVE-2022-35403

The following are the technical details related to this CVE:

Vulnerability Description

The vulnerability allows threat actors to read local files without authenticating, primarily through the process of creating a ticket via email.

Affected Systems and Versions

Zoho ManageEngine ServiceDesk Plus builds before 13008, ServiceDesk Plus MSP builds before 10606, and SupportCenter Plus builds before 11022 are affected. Asset Explorer builds earlier than 6977 are also vulnerable, though exploitation requires authentication.
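As an added triage example (not code from the advisory or from Zoho), the script below turns the fixed-build thresholds above into a check over an installed-product inventory; the CSV layout and hostnames are constructed assumptions.

```python
"""Triage helper for CVE-2022-35403 (added example, not Zoho's or the advisory's code).

Reads inventory records of ManageEngine installs (host, product, build) and
reports which ones sit below the fixed builds named in the advisory.
"""

# Fixed builds from the advisory: builds strictly below these are affected.
FIXED_BUILDS = {
    "servicedesk plus": 13008,
    "servicedesk plus msp": 10606,
    "supportcenter plus": 11022,
    "asset explorer": 6977,  # affected only by an authenticated user
}

# Constructed sample inventory in "host, product, build" form (assumption).
SAMPLE_INVENTORY = """\
sdp01.corp.example, ServiceDesk Plus, 13002
sdp02.corp.example, ServiceDesk Plus, 13008
msp01.corp.example, ServiceDesk Plus MSP, 10600
scp01.corp.example, SupportCenter Plus, 11030
ae01.corp.example, Asset Explorer, 6970
"""


def parse_inventory(text):
    """Return (host, normalised product name, integer build) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, product, build = (field.strip() for field in line.split(","))
        records.append((host, product.lower(), int(build)))
    return records


def assess(records):
    """List installs whose build is below the fixed build for that product."""
    findings = []
    for host, product, build in records:
        fixed = FIXED_BUILDS.get(product)
        if fixed is None or build >= fixed:
            continue  # unknown product, or already at/above the fixed build
        precondition = "authenticated" if product == "asset explorer" else "unauthenticated"
        findings.append({"host": host, "product": product, "build": build,
                         "fixed_build": fixed, "precondition": precondition})
    return findings


if __name__ == "__main__":
    for f in assess(parse_inventory(SAMPLE_INVENTORY)):
        print(f"{f['host']}: {f['product']} build {f['build']} < {f['fixed_build']} "
              f"({f['precondition']} file disclosure)")
```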

Exploitation Mechanism

The vulnerability is exploited by sending a specially crafted email to the ticket-creation address, which triggers the file disclosure without any authentication.

Mitigation and Prevention

To address CVE-2022-35403, users and organizations can take the following actions:

Immediate Steps to Take

Update Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus, and Asset Explorer to the fixed builds or later.
Temporarily disable email-based ticket creation where possible to reduce exposure until the systems are updated.

Long-Term Security Practices

Regularly monitor for security advisories and updates from Zoho ManageEngine to stay informed about potential vulnerabilities.
Implement network segmentation and access controls to limit exposure of sensitive systems.

Patching and Updates

Apply patches released by Zoho ManageEngine promptly to ensure that the systems are protected against known vulnerabilities.
