ManageEngine ADAudit Plus Advisory - 20230714003¶
Overview¶
The WA SOC have been notified that there was a high severity security vulnerability in ManageEngine ADAudit Plus, whereby, the vulnerability can allow an adversary to bypass configured Google Two Factor Authentication (or TFA authenticators) and log in to the victim's account.
What is the vulnerability?¶
CVE-2023-35785 not available at the time of publsihing this advisory, but the vulnerability was detected in ADAudit Plus as high severity.
What is vulnerable?¶
| Product Name | Affected Version(s) | Fixed Version(s) | Fixed On |
|---|---|---|---|
| ADAudit Plus | Builds 7202 and below | Build 7203 | June 19, 2023 |
| How to find your build number | |||
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):
- Download the latest upgrade pack from here
- Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above link.
If you need further information or need assistance updating the product, please get in touch with support@adauditplus.com.