Critical RCE Vulnerability in ManageEngine Fixed

Severity: Medium (Score: 57.8)

Sources: nvd.nist.gov, Manageengine

Summary

A Remote Code Execution (RCE) vulnerability, identified as CVE-2024-5466, was discovered in Zohocorp's ManageEngine OpManager and Remote Monitoring and Management software, affecting versions 128329 and below. The flaw allowed users with 'Write' access to execute arbitrary commands on target servers via the 'Deploy Agent' action in the UI. This vulnerability was reported by Daniel Santos and has been addressed by implementing parameter validation checks. Users are urged to update to the latest version to mitigate risks. The vulnerability was published on August 23, 2024, and has now been fixed as of May 16, 2026.

Key Points

  • CVE-2024-5466 allows RCE for users with 'Write' access in ManageEngine software.
  • The vulnerability affects ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below.
  • Parameter validation checks have been introduced to mitigate the RCE risk.

Key Entities

  • Zero-day Exploit (attack_type)
  • CVE-2024-5466 (cve)
  • CWE-94 - Code Injection (cwe)
  • T1059 - Command and Scripting Interpreter (mitre_attack)