Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-47578

CVSS 7.1 · High EPSS 0.02% · P7
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-47578

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZOHO ManageEngine Device Control Plus 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZOHO ManageEngine Device Control Plus是美国卓豪(ZOHO)公司的一款 USB 设备控制软件。用于控制、阻止和监视连接到计算机的所有可移动设备。 ZOHO ManageEngine Device Control Plus 10.1.2228.15版本存在安全漏洞,该漏洞源于可以通过引导到安全模式来绕过USB限制。攻击者利用该漏洞在笔记本电脑或系统外部交换文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2022-47578

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-47578

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-12-20 · 48 CVEs total

CVE-2022-475777.1 HIGHZOHO ManageEngine Device Control Plus 安全漏洞
CVE-2022-46542Tenda F1203 安全漏洞
CVE-2022-46548Tenda F1203 安全漏洞
CVE-2022-46551Tenda F1203 安全漏洞
CVE-2022-46910TP-Link TL-WA901N 安全漏洞
CVE-2022-46912TP-Link TL-WR841N 安全漏洞
CVE-2022-46914TP-LINK TL-WA801N 安全漏洞
CVE-2022-47629libksba 输入验证错误漏洞
CVE-2022-46550Tenda F1203 安全漏洞
CVE-2022-46544Tenda F1203 安全漏洞
CVE-2022-46543Tenda F1203 安全漏洞
CVE-2022-46545Tenda F1203 安全漏洞
CVE-2022-46541Tenda F1203 安全漏洞
CVE-2022-46540Tenda F1203 安全漏洞
CVE-2022-46539Tenda F1203 安全漏洞
CVE-2022-46538Tenda F1203 操作系统命令注入漏洞
CVE-2022-46537Tenda F1203 安全漏洞
CVE-2022-46536Tenda F1203 安全漏洞
CVE-2022-46535Tenda F1203 安全漏洞
CVE-2022-46534Tenda F1203 安全漏洞

Showing top 20 of 48 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2022-47578

No comments yet

Leave a comment