CVE-2023-47211

CRITICAL NUCLEI

Zohocorp Manageengine Firewall Analyzer < 12.7 - Path Traversal

Title source: rule

Description

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

Nuclei Templates (1)

ManageEngine OpManager - Directory Traversal

HIGHby gy741

Shodan: http.title:"OpManager Plus" || http.title:"opmanager plus"

FOFA: title="opmanager plus"

References (3)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851

[Vendor Advisory] https://www.manageengine.com/itom/advisory/cve-2023-47211.html

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1851

Scores

CVSS v3 9.1

EPSS 0.7615

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Details

CWE

CWE-22

Status published

Products (7)

zohocorp/manageengine_firewall_analyzer 12.7 build127000 (8 CPE variants)

zohocorp/manageengine_firewall_analyzer < 12.7

zohocorp/manageengine_netflow_analyzer 12.7 build127000 (10 CPE variants)

zohocorp/manageengine_netflow_analyzer < 12.7

zohocorp/manageengine_network_configuration_manager 12.7 build127000 (7 CPE variants)

zohocorp/manageengine_network_configuration_manager < 12.7

zohocorp/manageengine_opmanager 12.7 build127000 (22 CPE variants)

Published Jan 08, 2024

Tracked Since Feb 18, 2026