
Cloud Vulnerability DB
A community-led vulnerabilities database
A critical authentication bypass vulnerability, CVE-2022-36923, was disclosed on July 27, 2022 in several ManageEngine products: OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils. Builds released before the fixes published on July 27-28, 2022 are affected. The flaw is a request handler that serves API keys without checking whether the caller is authenticated, so an unauthenticated attacker can obtain the API keys of valid users (ManageEngine Advisory, ZDI Advisory).
The vulnerability lies in the getUserAPIKey function, which processes requests without first verifying that the caller holds a valid authenticated session. ZDI rated it CVSS 9.4 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L: reachable over the network, low attack complexity, no privileges or user interaction required, and high impact on confidentiality and integrity (ZDI Advisory).
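The bug class is easier to see in code. The following Python sketch is an added example, not ManageEngine's source: a handler that returns a user's API key on the strength of a request parameter alone, next to one that checks the session first, plus a key store with the rotation step the remediation section calls for. The handler names, the request shape and the in-memory key store are assumptions made for this illustration.

```python
"""Added illustration of the missing-authentication pattern behind CVE-2022-36923.
Not ManageEngine's code: handler names, request shape and key store are assumptions."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Request:
    params: Dict[str, str]               # request parameters, e.g. {"username": "admin"}
    session_user: Optional[str] = None   # user bound to a valid session; None when unauthenticated


class ApiKeyStore:
    """In-memory stand-in (an assumption) for the product's per-user REST API key table."""

    def __init__(self) -> None:
        self._keys: Dict[str, str] = {}

    def issue(self, username: str) -> str:
        self._keys[username] = secrets.token_hex(16)
        return self._keys[username]

    def lookup(self, username: str) -> Optional[str]:
        return self._keys.get(username)

    def is_valid(self, key: str) -> bool:
        # How an API call is authenticated: the bare key is the credential.
        return key in self._keys.values()

    def regenerate_all(self) -> None:
        # The post-patch step: replace every key so harvested copies stop working.
        for username in list(self._keys):
            self.issue(username)


def get_user_api_key_vulnerable(req: Request, store: ApiKeyStore) -> dict:
    """Missing-authentication pattern: any caller can name any user and get the key."""
    key = store.lookup(req.params.get("username", ""))
    if key is None:
        return {"status": 404}
    return {"status": 200, "apikey": key}


def get_user_api_key_fixed(req: Request, store: ApiKeyStore) -> dict:
    """Authenticate, then authorise: only the session owner may read their own key."""
    if req.session_user is None:
        return {"status": 401}          # reject before touching the key store
    target = req.params.get("username", req.session_user)
    if target != req.session_user:
        return {"status": 403}          # logged in, but asking for someone else's key
    key = store.lookup(target)
    if key is None:
        return {"status": 404}
    return {"status": 200, "apikey": key}


def demo() -> dict:
    """Walk through leak, patch and rotation; returns the observations for checking."""
    store = ApiKeyStore()
    store.issue("admin")
    attacker = Request(params={"username": "admin"})          # no session at all
    leaked = get_user_api_key_vulnerable(attacker, store)
    blocked = get_user_api_key_fixed(attacker, store)
    owner = Request(params={}, session_user="admin")
    own_key = get_user_api_key_fixed(owner, store)
    valid_after_patch = store.is_valid(leaked["apikey"])     # the patch alone revokes nothing
    store.regenerate_all()
    valid_after_rotation = store.is_valid(leaked["apikey"])  # gone once keys are regenerated
    return {
        "leaked_status": leaked["status"],
        "blocked_status": blocked["status"],
        "owner_status": own_key["status"],
        "valid_after_patch": valid_after_patch,
        "valid_after_rotation": valid_after_rotation,
    }


if __name__ == "__main__":
    print(demo())
```

The last two observations in demo() are the operationally important ones: swapping in the fixed handler stops new leaks, but a key harvested while the vulnerable handler was live keeps authenticating API calls until it is regenerated.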
An unauthenticated attacker can therefore retrieve the API keys of valid users. A REST API key authenticates requests on its own, so whoever holds a user's key can call the product's APIs with that user's privileges; for an administrator's key this amounts to control of the affected system (ManageEngine Advisory).
ManageEngine has released fixed builds for all affected products (125657, 126002, 126104, and 126118). Upgrade to the latest build for your product through the vendor's service pack links. Upgrading closes the hole but does not invalidate keys that may already have been retrieved, so after upgrading every user's API key must be regenerated: click the Personalize/Quick settings icon, open the 'Rest API key' tab, and choose 'Regenerate Key'. Any scripts or integrations that used the old key need the new value (ManageEngine Advisory).
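Once patched, the question for incident response is whether anyone used the bug first. The script below is an added example, not part of the advisory: it reads web-server access logs and flags successful pre-patch requests that reference the getUserAPIKey function. The NCSA combined log format, the URL path in which the function name appears, the patch timestamp, the internal address ranges and the sample lines are all constructed assumptions; the real endpoint path and log location depend on the product and deployment.

```python
"""Added example, not from the advisory: hunt access logs for pre-patch requests to the
API-key function. Log format, path, patch time and sample lines are constructed assumptions."""
import re
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed sample in NCSA combined format; not real traffic. The path and
# parameter names are assumptions for the illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Jul/2022:02:14:03 +0000] "GET /servlet/getUserAPIKey?username=admin HTTP/1.1" 200 112 "-" "python-requests/2.28.1"
10.0.5.21 - - [25/Jul/2022:09:30:11 +0000] "GET /apiclient/index.jsp HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.44 - - [26/Jul/2022:22:41:55 +0000] "POST /servlet/getUserAPIKey HTTP/1.1" 200 98 "-" "curl/7.84.0"
10.0.5.21 - - [28/Jul/2022:08:12:40 +0000] "GET /servlet/getUserAPIKey?username=ops HTTP/1.1" 200 110 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Jul/2022:03:00:02 +0000] "GET /servlet/getUserAPIKey?username=admin HTTP/1.1" 401 0 "-" "curl/7.84.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

# When the fix went live on the host being examined (an assumption; take it from the change record).
PATCHED_AT = datetime(2022, 7, 28, 0, 0, tzinfo=timezone.utc)
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line: str) -> Optional[dict]:
    """Split one combined-format line into fields; None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
        "ua": m["ua"] or "",
    }


def suspicious_api_key_requests(log_text: str, patched_at: datetime = PATCHED_AT) -> List[dict]:
    """Successful requests to the API-key function made before the fix was in place."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "getuserapikey" not in rec["path"].lower():
            continue
        if rec["status"] != 200:       # failed attempts are noise for a key-theft hunt
            continue
        if rec["ts"] >= patched_at:    # after the fix an anonymous call cannot succeed
            continue
        rec["external"] = not any(ip_address(rec["ip"]) in net for net in INTERNAL_NETS)
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in suspicious_api_key_requests(SAMPLE_LOG):
        origin = "external" if h["external"] else "internal"
        print(h["ts"].isoformat(), h["ip"], origin, h["method"], h["path"], h["ua"])
```

A hit is a lead, not proof: a logged-in user's browser may legitimately call the same function, and access logs do not record whether a session cookie was valid. External sources and client strings such as curl or python-requests move a hit up the queue. Regenerate keys regardless of what the search finds.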
Source: This report was generated using AI