CVE-2022-40773: n/a in n/a
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
AI Analysis
Technical Summary
CVE-2022-40773 is a high-severity privilege escalation vulnerability affecting Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10609 and SupportCenter Plus versions prior to 11025. The vulnerability allows users with limited privileges to escalate their access rights and obtain sensitive data during the export of request lists, specifically through the exportMickeyList functionality. The issue arises from improper input validation or access control flaws (classified under CWE-20: Improper Input Validation), enabling unauthorized data exposure. The CVSS v3.1 base score of 8.8 reflects the high severity of this vulnerability: the attack vector is network-based (AV:N), attack complexity is low (AC:L), low privileges are required (PR:L), and no user interaction is needed (UI:N). The impact affects confidentiality, integrity, and availability (C:H/I:H/A:H), indicating that exploitation could lead to significant data breaches, unauthorized data manipulation, and potential service disruption. Although no known exploits are currently reported in the wild, the vulnerability's characteristics suggest that attackers with some level of authenticated access could leverage this flaw to gain elevated privileges and access sensitive information, potentially compromising the entire service management environment. Given that ManageEngine ServiceDesk Plus MSP and SupportCenter Plus are widely used IT service management solutions, this vulnerability poses a substantial risk to organizations relying on these platforms for handling internal and external service requests and sensitive operational data.
Potential Impact
For European organizations, the impact of CVE-2022-40773 can be severe. Many enterprises, managed service providers (MSPs), and government agencies in Europe use Zoho ManageEngine products for IT service management and support operations. Exploitation of this vulnerability could lead to unauthorized access to sensitive customer data, internal service requests, and potentially confidential operational information. This could result in data breaches violating GDPR and other data protection regulations, leading to legal penalties and reputational damage. Furthermore, the ability to escalate privileges might allow attackers to manipulate or disrupt service desk operations, impacting business continuity and service quality. The high confidentiality, integrity, and availability impact means that attackers could exfiltrate data, alter records, or cause denial of service conditions. European organizations with complex IT environments and regulatory compliance requirements are particularly at risk, as the compromise of service management platforms can cascade into broader security incidents affecting multiple systems and stakeholders.
Mitigation Recommendations
To mitigate CVE-2022-40773 effectively, European organizations should:
1) Immediately apply the vendor-released fixes by upgrading ManageEngine ServiceDesk Plus MSP to version 10609 or later and SupportCenter Plus to version 11025 or later.
2) Restrict access to the exportMickeyList functionality and other export features to only highly trusted and necessary users, implementing strict role-based access controls (RBAC).
3) Monitor and audit export activities and privilege escalations within the service management platforms to detect anomalous behavior early.
4) Employ network segmentation and limit exposure of the service management interfaces to trusted networks and VPNs to reduce the attack surface.
5) Conduct regular security assessments and penetration testing focused on privilege escalation vectors within ITSM tools.
6) Educate administrators and users about the risks of privilege escalation and enforce the principle of least privilege across all service desk operations.
7) Implement multi-factor authentication (MFA) for accessing the service management consoles to add an additional layer of security against unauthorized access.
These measures, combined with timely patching, will significantly reduce the risk posed by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-09-18T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9839c4522896dcbecea4
Added to database: 5/21/2025, 9:09:13 AM
Last enriched: 7/2/2025, 2:40:19 AM
Last updated: 7/31/2025, 8:50:02 PM