CVE-2022-29457

HIGH

Zohocorp ManageEngine ADAudit Plus - NTLM Hash Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-29457. PoCs published by Metin Yunus Kandemir.

AI-analyzed exploit summary: This exploit targets CVE-2022-29457 in ManageEngine ADSelfService Plus by scheduling a report to expose NTLMv2 hashes via SMB relay. It authenticates, schedules a report with a malicious UNC path, and captures the hash when the service attempts to access the path.

Description

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

Exploits (1)

exploitdb WORKING POC
by Metin Yunus Kandemir · python · remote · windows
https://www.exploit-db.com/exploits/50904

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: ManageEngine ADSelfService Plus Build < 6121
Auth required
Prerequisites: Valid credentials for ADSelfService Plus or domain user · SMB server or relay setup to capture NTLMv2 hashes
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0772
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-522
Status: published
Products (5)
zohocorp/manageengine_adaudit_plus 7.0.0 (15 CPE variants)
zohocorp/manageengine_adaudit_plus < 7.0.0
zohocorp/manageengine_admanager_plus 7.1 (21 CPE variants)
zohocorp/manageengine_admanager_plus < 7.1
zohocorp/manageengine_adselfservice_plus 6.1 (12 CPE variants)
Published Apr 18, 2022
Tracked Since Feb 18, 2026