Authenticated Remote Code Execution (RCE) Vulnerability - CVE-2024-5466

Severity: High

CVE ID: CVE-2024-5466

Product name: OpManager, OpManager Plus, OpManager MSP, RMM

Affected Version(s): 128329 and below

Fixed Version(s) (Fixed On):

  128330 (09-08-2024)
  128320 (20-08-2024)
  128268 (16-08-2024)
  128188 (19-08-2024)

Details:

A Remote Code Execution (RCE) vulnerability could be exploited by users with 'Write' access to the 'Deploy Agent' action in the UI. This has been fixed now.

Impact:

This vulnerability allows users with 'Write' access to execute custom arbitrary commands on target servers.

Fix:

This issue has been fixed by introducing parameter validation checks that verify the parameters before the remote connection is initiated.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements:

This vulnerability was reported by Daniel Santos.

Kindly contact our product support teams for further details, at the email address mentioned below:

 