CVE-2024-24409

HIGH

ManageEngine ADManager Plus <= 7203 - Privilege Escalation via Modify Computers Option

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-24409. PoCs published by Metin Yunus Kandemir and passtheticket.

AI-analyzed exploit summary: This writeup describes an elevation of privilege vulnerability in ManageEngine ADManager Plus Build < 7210, where a technician with the Modify Computers role can abuse the userAccountControl and msDS-AllowedToDelegateTo attributes to set Constrained or Unconstrained Kerberos Delegation, leading to privilege escalation from Domain User to Domain Admin.

Description

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

Exploits (2)

exploitdb WRITEUP
by Metin Yunus Kandemir · text · webapps · multiple
https://www.exploit-db.com/exploits/52148

This writeup describes an elevation of privilege vulnerability in ManageEngine ADManager Plus Build < 7210, where a technician with the Modify Computers role can abuse the userAccountControl and msDS-AllowedToDelegateTo attributes to set Constrained or Unconstrained Kerberos Delegation, leading to privilege escalation from Domain User to Domain Admin.

Classification
Writeup 90%
Attack Type
Privilege Escalation
Complexity
Moderate
Reliability
Theoretical
Target: ManageEngine ADManager Plus Build < 7210
Auth required
Prerequisites: Technician user with Modify Computers role · Access to ADManager Plus interface · Target computer object within delegated Organizational Unit
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP 1 star
by passtheticket · poc
https://github.com/passtheticket/CVE-2024-24409

The repository provides a detailed technical analysis of CVE-2024-24409, an elevation of privilege vulnerability in ADManager Plus Build < 7210. It explains how the Modify Computers role can be abused to set Constrained Kerberos Delegation, leading to privilege escalation from Domain User to Domain Admin.

Classification
Writeup 95%
Attack Type
Privilege Escalation
Complexity
Moderate
Reliability
Reliable
Target: ADManager Plus Build < 7210
Auth required
Prerequisites: Local admin rights over a computer or ability to add a computer to Active Directory · Modify Computers role in ADManager Plus
devstral-2 · analyzed Feb 19, 2026
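Both writeups above turn on the same two attributes: the delegation bits in userAccountControl and the SPN list in msDS-AllowedToDelegateTo. The following is an added example, not code from the advisory or from either PoC author, showing the audit a defender would run after patching: an LDAP filter that finds every computer object with delegation configured, a decoder for the relevant userAccountControl flags, and a comparison against an approved baseline so that domain controllers (legitimately unconstrained) do not alert. The computer objects, DNs and the `APPROVED` baseline are constructed for the example; in production, feed the function the results of the LDAP query.

```python
"""Audit AD computer objects for Kerberos delegation settings written through
the Modify Computers abuse path. Added example with constructed sample data;
not part of the advisory or the published PoCs."""
from dataclasses import dataclass, field

# userAccountControl flag bits (Microsoft-documented values).
TRUSTED_FOR_DELEGATION = 0x80000             # unconstrained delegation
NOT_DELEGATED = 0x100000                     # "account is sensitive and cannot be delegated"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000   # constrained delegation with protocol transition
WORKSTATION_TRUST_ACCOUNT = 0x1000
SERVER_TRUST_ACCOUNT = 0x2000                # domain controllers

# LDAP_MATCHING_RULE_BIT_AND filter: any computer with some delegation configured.
# Usable as-is with ldapsearch or Get-ADComputer -LDAPFilter.
DELEGATION_LDAP_FILTER = (
    "(&(objectCategory=computer)"
    f"(|(userAccountControl:1.2.840.113556.1.4.803:={TRUSTED_FOR_DELEGATION})"
    f"(userAccountControl:1.2.840.113556.1.4.803:={TRUSTED_TO_AUTH_FOR_DELEGATION})"
    "(msDS-AllowedToDelegateTo=*)))"
)


@dataclass
class Computer:
    dn: str
    user_account_control: int
    allowed_to_delegate_to: list = field(default_factory=list)


def classify_delegation(c: Computer) -> list:
    """Describe every delegation configuration present on one computer object."""
    findings = []
    uac = c.user_account_control
    if uac & TRUSTED_FOR_DELEGATION:
        # Any user who authenticates to this host leaves a forwardable TGT in its LSASS.
        findings.append("unconstrained")
    if c.allowed_to_delegate_to:
        targets = ",".join(sorted(c.allowed_to_delegate_to))
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            # S4U2Self + S4U2Proxy: the host can impersonate any user that is not
            # marked NOT_DELEGATED / in Protected Users to the listed SPNs.
            findings.append(f"constrained+protocol-transition->{targets}")
        else:
            findings.append(f"constrained->{targets}")
    elif uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
        findings.append("protocol-transition-without-targets")
    return findings


def audit(computers, approved) -> dict:
    """Return {dn: findings} for computers whose delegation is not in the approved
    baseline. `approved` maps a DN to the set of finding strings allowed there."""
    unexpected = {}
    for c in computers:
        extra = [f for f in classify_delegation(c) if f not in approved.get(c.dn, set())]
        if extra:
            unexpected[c.dn] = extra
    return unexpected


# Constructed sample: a DC (expected unconstrained), a helpdesk workstation that a
# technician just flipped to unconstrained, a server given constrained delegation
# with protocol transition to the DC's CIFS service, and an untouched workstation.
SAMPLE_COMPUTERS = [
    Computer("CN=DC01,OU=Domain Controllers,DC=corp,DC=local",
             SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION),
    Computer("CN=WS01,OU=Helpdesk,DC=corp,DC=local",
             WORKSTATION_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION),
    Computer("CN=SRV02,OU=Helpdesk,DC=corp,DC=local",
             WORKSTATION_TRUST_ACCOUNT | TRUSTED_TO_AUTH_FOR_DELEGATION,
             ["cifs/DC01.corp.local"]),
    Computer("CN=WS03,OU=Helpdesk,DC=corp,DC=local", WORKSTATION_TRUST_ACCOUNT),
]
APPROVED = {"CN=DC01,OU=Domain Controllers,DC=corp,DC=local": {"unconstrained"}}

if __name__ == "__main__":
    print("LDAP filter:", DELEGATION_LDAP_FILTER)
    for dn, findings in audit(SAMPLE_COMPUTERS, APPROVED).items():
        print(f"UNEXPECTED {dn}: {', '.join(findings)}")
```

Two caveats worth pairing with this check. First, the escalation to Domain Admin depends on the impersonated account being delegatable: members of Protected Users and accounts with the NOT_DELEGATED bit set cannot be impersonated through S4U2Self/S4U2Proxy or have their TGTs captured via unconstrained delegation, so putting privileged accounts there limits what a rogue technician gains even before the build is updated. Second, write access to these attributes is granted by the ADManager Plus role, not by AD ACLs on the technician's own account, so an AD-side audit of who can modify userAccountControl on the OU will not reveal the exposure; review the ADManager Plus technician roles directly.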


Scores

CVSS v3 8.8
EPSS 0.0624 (6.24%)
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-269
Status published
Products (7)
zohocorp/manageengine_admanager_plus 6.1 (13 CPE variants)
zohocorp/manageengine_admanager_plus 6.2
zohocorp/manageengine_admanager_plus 6.5.7
zohocorp/manageengine_admanager_plus 6.6 build 6657 (2 CPE variants)
zohocorp/manageengine_admanager_plus 6.6.5
zohocorp/manageengine_admanager_plus 7.0 (22 CPE variants)
zohocorp/manageengine_admanager_plus 7.1 (10 CPE variants)
Published Nov 08, 2024
Tracked Since Feb 18, 2026