Severity : High
CVE ID : CVE-2023-35785
This advisory addresses a TFA bypass vulnerability via a few TOTP authenticators in multiple ManageEngine products. To leverage this vulnerability, a valid username and password pair is required. The affected products and patch details are below:
| Product Name | Impacted Version(s) | Fixed Version(s) | Released On |
| Active Directory 360 | 4315 and below | 4316 | 20/06/23 |
| ADAudit Plus | 7202 and below | 7203 | 19/06/23 |
| ADManager Plus | 7200 and below | 7201 | 20/06/23 |
| Asset Explorer | 6993 and below / 7002 and below | | |
| Cloud Security Plus | 4161 and below | 4162 | 21/06/23 |
| Data Security Plus | 6110 and below | 6111 | 21/06/23 |
| Eventlog Analyzer | 12301 and below | 12302 | 19/06/23 |
| Exchange Reporter Plus | 5709 and below | 5710 | 21/06/23 |
| Log360 | 5315 and below | 5316 | 19/06/23 |
| Log360 UEBA | 4045 and below | 4046 | 20/06/23 |
| M365 Manager Plus | 4529 and below | 4531 | 21/06/23 |
| M365 Security Plus | 4529 and below | 4531 | 21/06/23 |
| Recovery Manager Plus | 6061 and below | 6062 | 21/06/23 |
| ServiceDesk Plus | 14302 and below / 14204 and below | | |
| ServiceDesk Plus MSP | 14300 and below | 14301 | 19/06/23 |
| SharePoint Manager Plus | 4402 and below | 4403 | 21/06/23 |
| Support Center Plus | 14300 and below | 14301 | 21/06/23 |
Given the severity of this vulnerability, customers are strongly advised to upgrade to the latest build of the above products immediately.
This vulnerability allows an adversary to bypass two-factor authentication and take over the victim's account.
Note: ManageEngine On-Demand/cloud products are not affected by this vulnerability.
This vulnerability was reported by dalt4sec through our Bug Bounty program.
Please contact our product support or email@example.com if you need any further assistance.