CVE-2022-38772: 
Zoho ManageEngine NetFlow Analyzer vulnerability analysis and mitigation

A Remote Code Execution (RCE) vulnerability was discovered in Zoho ManageEngine products including OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before versions 125658, 126003, 126105, and 126120. The vulnerability was reported by an anonymous researcher working with Trend Micro Zero Day Initiative and was assigned CVE-2022-38772 (ManageEngine Advisory).

The vulnerability exists within the getNmapInitialOption function and stems from improper validation of user-supplied strings before their use in system calls. The vulnerability has been assigned a CVSS score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating a high severity issue (ZDI Advisory).

When exploited, this vulnerability allows authenticated users to make database changes that can lead to remote code execution through the NMAP feature. An attacker can leverage this vulnerability to execute code in the context of SYSTEM (ZDI Advisory).

ManageEngine has released security updates to address this vulnerability. Users are advised to upgrade to the fixed versions: build 126120 (for builds between 126113 and 126119), build 126105 (for builds between 126100 and 126104), build 126003 (for builds 126000 and 126002), and build 125658 (for builds between 125450 and 125657) (ManageEngine Advisory).