ManageEngine ADManager Plus Privilege Escalation
2024-10-7 21:50:23 Author: packetstormsecurity.com(查看原文) 阅读量:2 收藏

# Exploit Title: ManageEngine ADManager Plus Build < 7210 Elevation of Privilege Vulnerability
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://www.manageengine.com/
# Software Link: https://www.manageengine.com/products/ad-manager/
# Details: https://docs.unsafe-inline.com/0day/admanager-plus-build-less-than-7210-elevation-of-privilege-vulnerability-cve-2024-24409
# Version: ADManager Plus Build < 7210
# Tested against: Build 7203
# CVE: CVE-2024-24409

# Description
The Modify Computers is a predefined role in ADManager for managing computers. If a technician user has the Modify Computers privilege
over a computer can change the userAccountControl and msDS-AllowedToDelegateTo attributes of the computer object. In this way, the technician user can set Constrained Kerberos Delegation over any computer within the Organizational Unit that the user was delegated so that the attacker can perform DCSync after setting Constrained Kerberos Delegation over a computer for LDAP service of a Domain Controller server.

# Proof Of Concept
https://docs.unsafe-inline.com/0day/admanager-plus-build-less-than-7210-elevation-of-privilege-vulnerability-cve-2024-24409


文章来源: https://packetstormsecurity.com/files/182025/meadmp-escalate.txt
如有侵权请联系:admin#unsafe.sh