CVE-2022-23779

MEDIUM NUCLEI

ManageEngine Desktop Central < 10.1.2137.8 - Unauthenticated Sensitive Information Exposure via HTTP Redirect

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-23779. PoCs published by Vulnmachines, fbusr, Rishi-kaul. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository provides a writeup and proof-of-concept for CVE-2022-23779, an internal hostname disclosure vulnerability in Zoho products. The exploit involves sending a curl request to a specific endpoint and analyzing the HTTP redirect response header to disclose internal hostnames.

Description

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.

Exploits (3)

nomisec WRITEUP 4 stars
by Vulnmachines · poc
https://github.com/Vulnmachines/Zoho_CVE-2022-23779

This repository provides a writeup and proof-of-concept for CVE-2022-23779, an internal hostname disclosure vulnerability in Zoho products. The exploit involves sending a curl request to a specific endpoint and analyzing the HTTP redirect response header to disclose internal hostnames.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Zoho products (version not specified)
No auth needed
Prerequisites: Access to the target Zoho instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by fbusr · poc
https://github.com/fbusr/CVE-2022-23779

This PoC exploits an information disclosure vulnerability in Zoho ManageEngine Desktop Central by sending an HTTP GET request to '/themes' on port 8020 and extracting the internal hostname from the 'Location' header in the redirect response.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Zoho ManageEngine Desktop Central <10.1.2137.7
No auth needed
Prerequisites: Network access to the target's port 8020
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by Rishi-kaul · poc
https://github.com/Rishi-kaul/CVE-2022-23779

This repository provides a detailed writeup and proof-of-concept for CVE-2022-23779, an information disclosure vulnerability in Zoho ManageEngine Desktop Central. The vulnerability allows unauthorized users to leak internal server hostnames via HTTP redirect headers.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Zoho ManageEngine Desktop Central versions before 10.1.2137.8
No auth needed
Prerequisites: Network access to the target server · Vulnerable version of Zoho ManageEngine Desktop Central
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Zoho ManageEngine - Internal Hostname Disclosure
MEDIUMby cckuailong
Shodan: http.title:"manageengine desktop central 10"
FOFA: app="ZOHO-ManageEngine-Desktop" || title="manageengine desktop central 10" || app="zoho-manageengine-desktop"

References (1)

Core 1
Core References

Scores

CVSS v3 5.3
EPSS 0.1514
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
zohocorp/manageengine_desktop_central < 10.1.2137.8
Published Mar 02, 2022
Tracked Since Feb 18, 2026