Severity: High
CVE ID: CVE-2024-5471
Affected Software Version(s): DDI Central Node Agent builds below 4002
Fixed Version: Build 4002
Fixed on: May 6, 2024
Details:
ManageEngine DDI Node Agent build number 4001 had a high-severity vulnerability in which sensitive keys were hard-coded, making it easy to take over agent node servers. The vulnerability was fixed by generating the keys dynamically during each installation and by using a unique ID that varies for each agent server, enhancing security.
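The kind of fix described above, sketched as an added example (not ManageEngine's code): each installation generates its own random key and unique agent ID, and messages are authenticated against both. The file names `agent.id` and `agent.key`, the helper names and the HMAC message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import stat
import tempfile
import uuid
from pathlib import Path

def provision_agent(install_dir: Path) -> tuple[str, bytes]:
    """Create (or reload) a per-installation agent ID and key (hypothetical layout)."""
    install_dir.mkdir(parents=True, exist_ok=True)
    id_file, key_file = install_dir / "agent.id", install_dir / "agent.key"
    if id_file.exists() and key_file.exists():
        return id_file.read_text().strip(), key_file.read_bytes()
    agent_id = str(uuid.uuid4())      # unique ID that varies per agent server
    key = secrets.token_bytes(32)     # CSPRNG output, generated at install time
    # O_EXCL fails closed instead of silently replacing a key; 0o600 is owner-only.
    fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    id_file.write_text(agent_id)
    return agent_id, key

def sign(key: bytes, agent_id: str, message: bytes) -> str:
    """Authenticate a message and bind it to one agent's unique ID."""
    body = agent_id.encode() + b"\x00" + message
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(key: bytes, agent_id: str, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign(key, agent_id, message), tag)

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        id_a, key_a = provision_agent(Path(tmp) / "node-a")
        id_b, key_b = provision_agent(Path(tmp) / "node-b")
        reloaded = provision_agent(Path(tmp) / "node-a")
        mode = stat.S_IMODE((Path(tmp) / "node-a" / "agent.key").stat().st_mode)
        msg = b"sync-config"  # constructed sample message
        tag_a = sign(key_a, id_a, msg)
        return {
            "keys_differ": key_a != key_b and id_a != id_b,
            "stable_on_reload": reloaded == (id_a, key_a),
            "key_mode": mode,
            "own_node_accepted": verify(key_a, id_a, msg, tag_a),
            "cross_node_rejected": not verify(key_b, id_b, msg, tag_a),
        }
```

With per-installation keys, material recovered from one agent or from the installer does not authenticate to any other node, which is the property a hard-coded key cannot provide.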
Impact:
This flaw allowed attackers to easily gain unauthorized control over agent nodes, compromising the entire system's security.
Acknowledgements:
This issue was reported by Zewei Zhang from NSFOCUS TIANJI Lab.