Skip to main content

Manageengine Firewall Analyzer CVE-2023-47211

CRITICAL
Path Traversal (CWE-22)
2024-01-08 talos-cna@cisco.com
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:34 vuln.today
PoC Detected
Nov 04, 2025 - 19:16 vuln.today
Public exploit code
CVE Published
Jan 08, 2024 - 15:15 nvd
CRITICAL 9.1

DescriptionCVE.org

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.

AnalysisAI

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. Affected products include: Zohocorp Manageengine Firewall Analyzer, Zohocorp Manageengine Netflow Analyzer, Zohocorp Manageengine Network Configuration Manager, Zohocorp Manageengine Opmanager, Zohocorp Manageengine Opmanager Msp.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2015-7780 MEDIUM POC
6.5 Jun 27

Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. Rated medium severity (CVSS 6.5), this v

CVE-2017-14123 HIGH POC
8.8 Sep 04

Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Rat

CVE-2019-17421 HIGH POC
7.8 Nov 21

Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall A

CVE-2022-36923 HIGH POC
7.5 Aug 10

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall An

CVE-2019-11678 CRITICAL
9.8 May 02

The "default reports" feature in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123218 is vulnerable to SQL Injec

CVE-2019-11677 CRITICAL
9.8 May 02

The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML E

CVE-2023-6105 MEDIUM POC
5.5 Nov 15

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys bein

CVE-2015-7781 HIGH
7.5 Jun 27

ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. Rated high severity (CVSS 7.5), this vul

CVE-2022-37024 HIGH
8.8 Aug 10

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils

CVE-2022-35404 HIGH
8.2 Jul 18

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and

CVE-2019-11676 MEDIUM
6.1 May 02

The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS at

Share

CVE-2023-47211 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy