CVE-2023-48646: Fixed vulnerability - CVE-2023-48646 | ManageEngine RecoveryManager Plus
Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.
CVE-2023-48646 – Remote Code Execution Vulnerability in RecoveryManager Plus
Vulnerability Details
Severity: Low
CVE ID: CVE-2023-48646
Affected software versions: 6062 and below
Fixed version: 6070
Fixed on: June 30, 2023
Details
RecoveryManager Plus builds 6062 and older were reported to have an authenticated remote code execution vulnerability. This has been fixed in build 6070; see that build's release notes.
Impact
An authenticated user with admin privileges can use the proxy settings to remotely execute code on the machine where RecoveryManager Plus is installed.
Steps to update
Update your RecoveryManager Plus instance to 6070 using the service pack.
Acknowledgements
This vulnerability was discovered by hir0ot working with Trend Micro Zero Day Initiative.