Zoho ManageEngine - Internal Hostname Disclosure
ID: CVE-2022-23779
Severity: medium
Author: cckuailong
Tags: cve,cve2022,zoho,exposure,zohocorp
Description
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
YAML Source
id: CVE-2022-23779

info:
  name: Zoho ManageEngine - Internal Hostname Disclosure
  author: cckuailong
  severity: medium
  description: Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
  impact: |
    An attacker could use the disclosed internal hostnames to plan targeted attacks, gain unauthorized access, or perform reconnaissance on the internal network.
  remediation: |
    Apply the latest security patch or update provided by Zoho ManageEngine to fix the internal hostname disclosure vulnerability.
  reference:
    - https://www.manageengine.com/products/desktop-central/cve-2022-23779.html
    - https://github.com/fbusr/CVE-2022-23779
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23779
    - https://github.com/soosmile/POC
    - https://github.com/zecool/cve
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-23779
    cwe-id: CWE-200
    epss-score: 0.00667
    epss-percentile: 0.79289
    cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zohocorp
    product: manageengine_desktop_central
    shodan-query: http.title:"manageengine desktop central 10"
    fofa-query:
      - app="ZOHO-ManageEngine-Desktop"
      - title="manageengine desktop central 10"
      - app="zoho-manageengine-desktop"
    google-query: intitle:"manageengine desktop central 10"
  tags: cve,cve2022,zoho,exposure,zohocorp

http:
  - method: GET
    path:
      - "{{BaseURL}}/themes"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - '/themes/'
          - 'text/html'
        condition: and

      - type: word
        part: location
        negative: true
        words:
          - '{{Host}}'

      - type: word
        words:
          - '<center><h1>301 Moved Permanently</h1></center>'

      - type: regex
        part: location
        regex:
          - 'https?:\/\/(.*):'

      - type: status
        status:
          - 301

    extractors:
      - type: regex
        group: 1
        regex:
          - 'https?:\/\/(.*):'
        part: location
# digest: 490a004630440220375a70574ff395980f1a8756b1d8c87da939c6eb3021bf092637fbaf7e5de69802206a6e6d2b0cf3b9d9ede097fc226c0ce9b408f3b86c4b5ffe01f5a53df72f9b64:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-23779.yaml"
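To verify a fix without a scanner, the template's five matchers and its extractor can be re-applied offline to a saved response from your own server. The Python below is an added illustration, not part of the original template or the Nuclei project; the sample responses and hostnames are constructed, and treating `{{Host}}` as the bare requested hostname is an assumption.

```python
import re

# Constructed sample responses (not captured from a real server).
LEAKY = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Content-Type: text/html\r\n"
    "Location: http://DC-SRV01.corp.example:8020/themes/\r\n"
    "\r\n"
    "<html><body><center><h1>301 Moved Permanently</h1></center></body></html>"
)
# Same response, but the redirect echoes the hostname the client asked for.
FIXED = LEAKY.replace("DC-SRV01.corp.example", "dc.example.com")

BODY_MARK = "<center><h1>301 Moved Permanently</h1></center>"
HOST_RE = re.compile(r"https?://(.*):")  # same pattern as the template


def leaked_hostname(requested_host, raw_response):
    """Return the hostname leaked in Location, or None if any matcher fails."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0

    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    location = headers.get("location", "")

    match = HOST_RE.search(location)
    checks = (
        status == 301,                                   # status matcher
        "/themes/" in header_block and "text/html" in header_block,
        requested_host not in location,                  # negative {{Host}} matcher
        BODY_MARK in body,                               # body word matcher
        match is not None,                               # regex matcher
    )
    return match.group(1) if all(checks) else None
```

Because the regex requires a colon after the hostname, a redirect whose `Location` carries no explicit port is not flagged by this logic, so a clean result on such a response does not by itself show the server is patched.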