
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-35785 is a two-factor authentication (2FA) bypass vulnerability affecting multiple Zoho ManageEngine products. The vulnerability was discovered in June 2023 and affects various versions of ManageEngine products, including Active Directory 360, ADAudit Plus, ADManager Plus, and several others. It allows an attacker to bypass 2FA performed via TOTP authenticators; exploitation requires a valid username and password pair for the targeted account (Vendor Advisory).
The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, and is classified under CWE-287 (Improper Authentication). Technically, it involves bypassing the TOTP-based two-factor authentication mechanism in the affected ManageEngine products (NVD).
If exploited, this vulnerability allows an adversary who already holds valid credentials to bypass two-factor authentication and take over the victim's account. This could lead to unauthorized access to critical resources and allow the attacker to perform unauthorized actions within the affected ManageEngine products (Vendor Advisory).
Zoho released patches for all affected products in June 2023, and organizations are strongly advised to upgrade to the latest builds. The fixed versions vary by product, for example: Active Directory 360 - version 4316, ADAudit Plus - version 7203, ADManager Plus - version 7201, and others. ManageEngine On-Demand/cloud products are not affected by this vulnerability (Vendor Advisory).
Source: This report was generated using AI