CVE-2023-47211: 
Zoho ManageEngine NetFlow Analyzer vulnerability analysis and mitigation

A directory traversal vulnerability (CVE-2023-47211) was discovered in the uploadMib functionality of ManageEngine OpManager 12.7.258. The vulnerability was discovered by Marcin 'Icewall' Noga of Cisco Talos and publicly disclosed on January 8, 2024. The affected products include OpManager, OpManager Plus, OpManager MSP, NetFlow Analyzer, and OpUtils, with versions ranging from 127249 to 127259 (Vendor Advisory, Talos Report).

The vulnerability exists in the MiB file upload functionality, specifically when using the Upload MiB feature in the MiB Browser tool via Upload MiB API. The flaw allows authenticated users to manipulate the file path or location of uploaded MiB files outside the intended product installation directory. The vulnerability received a CVSS v3.1 score of 9.1 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L. It is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (Talos Report).

The vulnerability enables authenticated users with access to MiB Browser functionality to create arbitrary files outside the intended 'OpManager/mibs' directory through specially crafted HTTP requests. This could potentially lead to unauthorized access or control over network management systems (Vendor Advisory).

The vulnerability has been fixed in build 127260 and above through the implementation of path sanitization, ensuring new MiB files are stored exclusively under the 'OpManager/mibs' directory. Users are advised to download and apply the latest upgrade pack to their existing product installation (Vendor Advisory).