CVE-2022-47578

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."
Configurations

Configuration 1 (hide)

cpe:2.3:a:zohocorp:manageengine_device_control_plus:10.1.2228.15:*:*:*:*:*:*:*

History

21 Nov 2024, 07:32

Type Values Removed Values Added
References () https://medium.com/nestedif/vulnerability-disclosure-business-logic-unauthorized-data-exfiltration-bypassing-dlp-zoho-cc51465ba84a - Exploit, Third Party Advisory () https://medium.com/nestedif/vulnerability-disclosure-business-logic-unauthorized-data-exfiltration-bypassing-dlp-zoho-cc51465ba84a - Exploit, Third Party Advisory
References () https://www.manageengine.com/device-control/how-to/device-control.html - Vendor Advisory () https://www.manageengine.com/device-control/how-to/device-control.html - Vendor Advisory
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : 7.1

01 Aug 2024, 13:43

Type Values Removed Values Added
CWE CWE-288

07 Nov 2023, 03:56

Type Values Removed Values Added
Summary ** DISPUTED ** An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product." An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."

Information

Published : 2022-12-20 04:15

Updated : 2024-11-21 07:32


NVD link : CVE-2022-47578

Mitre link : CVE-2022-47578

CVE.ORG link : CVE-2022-47578


JSON object : View

Products Affected

zohocorp

  • manageengine_device_control_plus
CWE
NVD-CWE-noinfo CWE-288

Authentication Bypass Using an Alternate Path or Channel