Authenticated Remote Code Execution (RCE) Vulnerability - CVE-2024-5466

Severity: High

CVE ID: CVE-2024-5466

| Product name | Affected Version(s) | Fixed Version(s) | Fixed On |
|---|---|---|---|
| OpManager, OpManager Plus, OpManager MSP, RMM | From version 128316 to 128319 | 128330 | 09-08-2024 |
| | | 128320 | 20-08-2024 |
| | From version 128234 to 128267 | 128268 | 16-08-2024 |
| | Below version 128187 | 128188 | 19-08-2024 |
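
To triage a fleet against the ranges above, the following added example (not vendor code) flags hosts running a listed affected build. The CSV layout, function names and sample hosts are assumptions, and the 128320 row, which has no range of its own on the page, is read as a second fixed build for 128316 to 128319.

```python
import csv
import io

# Products named in the advisory.
PRODUCTS = {"OpManager", "OpManager Plus", "OpManager MSP", "RMM"}

# Ranges transcribed literally from the advisory: (low, high, fixed builds),
# bounds inclusive. "Below version 128187" is read as builds <= 128186.
AFFECTED = [
    (128316, 128319, (128330, 128320)),  # assumption: both rows fix this range
    (128234, 128267, (128268,)),
    (0, 128186, (128188,)),
]

def classify(build):
    """Return ('affected', fixed_builds) or ('not-listed', ())."""
    for low, high, fixed in AFFECTED:
        if low <= build <= high:
            return "affected", fixed
    # Outside every listed range: the advisory does not list the build,
    # which is not the same as a statement that it is unaffected.
    return "not-listed", ()

def triage(inventory_csv):
    """Read host,product,build rows; return findings that need follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip() not in PRODUCTS:
            continue
        raw = row["build"].strip()
        try:
            status, fixed = classify(int(raw))
        except ValueError:
            # Unknown build: surface it instead of silently passing it.
            findings.append((row["host"], raw, "unparsed", ()))
            continue
        if status == "affected":
            findings.append((row["host"], raw, status, fixed))
    return findings

# Constructed sample inventory (hosts and builds are made up).
SAMPLE = """host,product,build
nms01.example.internal,OpManager,128317
nms02.example.internal,OpManager Plus,128268
nms03.example.internal,OpManager MSP,128100
nms04.example.internal,RMM,unknown
"""

if __name__ == "__main__":
    for host, build, status, fixed in triage(SAMPLE):
        print(host, build, status, "fixed builds:", fixed)
```

Builds reported as not listed (for example 128187 itself, or 128268 to 128315) still warrant a check against the vendor's current upgrade pack.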

Details:

A Remote Code Execution (RCE) vulnerability could be exploited by users with 'Write' access to the 'Deploy Agent' action in the UI. This has been fixed now.

Impact:

This vulnerability allows users with 'Write' access to execute arbitrary commands on target servers.

Fix:

This issue has been fixed by introducing parameter validation checks that verify the parameters before the remote connection is initiated.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements:

This vulnerability was reported by Daniel Santos.

Kindly contact our product support teams for further details, at the email address mentioned below:

 