CVE-2025-10020

Zohocorp · Zohocorp ManageEngine ADManager Plus

A critical command injection vulnerability has been identified in Zohocorp ManageEngine ADManager Plus.

Executive summary

A critical command injection vulnerability has been identified in Zohocorp ManageEngine ADManager Plus. This flaw allows an authenticated attacker to execute arbitrary commands on the server, potentially leading to a complete system compromise, unauthorized access to the managed Active Directory environment, and significant disruption to business operations.

Vulnerability

This is an authenticated command injection vulnerability located in the "Custom Script" component of the ADManager Plus application. An attacker with valid user credentials can craft a malicious script that, when executed through this feature, injects and runs arbitrary operating system commands with the privileges of the ADManager Plus service account. The vulnerability stems from insufficient input validation and sanitization of user-supplied data within the script execution function.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.9. Successful exploitation could lead to a complete compromise of the ADManager Plus server, granting the attacker a powerful foothold within the network. From this position, an attacker could potentially escalate privileges, move laterally into the Active Directory environment that ADManager Plus manages, steal sensitive data, deploy ransomware, or disrupt critical identity and access management services for the entire organization.

Remediation

Immediate Action: Upgrade all vulnerable instances of Zohocorp ManageEngine ADManager Plus to version 8024 or the latest available version, as per the vendor's instructions. After patching, review application and system access logs for any signs of compromise or unusual activity that preceded the update.

Proactive Monitoring: Implement enhanced monitoring on ADManager Plus servers. Look for suspicious child processes spawned by the ADManager Plus service, unexpected outbound network connections, and review application logs for unusual or obfuscated commands being executed via the Custom Script feature.
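The child-process check described above, as an added example that is not part of this advisory or of any vendor tooling: it runs over constructed Sysmon-style process-creation records and flags shells or interpreters spawned by the ADManager Plus service, raising severity when the command line looks encoded. The service executable name `ADManagerPlus.exe` and the install path are assumed placeholders, not values from the advisory.

```python
import re
from dataclasses import dataclass

# ASSUMED placeholder for the service executable name (check your own host).
SERVICE_IMAGE = "admanagerplus.exe"
# Shells and interpreters a management web application rarely needs to launch.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe",
                       "wscript.exe", "cscript.exe", "mshta.exe", "certutil.exe"}
# Encoded-command switches and download cradles that suggest obfuscation.
OBFUSCATION = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\b|frombase64string|downloadstring")

@dataclass
class Finding:
    utc_time: str
    child: str
    severity: str
    reason: str

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def analyze(events):
    """Return findings for process-creation events whose parent is the service."""
    findings = []
    for ev in events:
        if _basename(ev["ParentImage"]) != SERVICE_IMAGE:
            continue                      # unrelated parent process
        child = _basename(ev["Image"])
        if child not in SUSPICIOUS_CHILDREN:
            continue                      # e.g. bundled JRE or helper binaries
        if OBFUSCATION.search(ev.get("CommandLine", "")):
            findings.append(Finding(ev["UtcTime"], child, "high",
                                    "encoded or download-cradle command line"))
        else:
            findings.append(Finding(ev["UtcTime"], child, "medium",
                                    "shell spawned by service; compare with Custom Script baseline"))
    return findings

# Constructed sample events in Sysmon Event ID 1 style (not real telemetry).
_SVC = r"C:\ManageEngine\ADManager Plus\bin\ADManagerPlus.exe"   # assumed path
SAMPLE_EVENTS = [
    {"UtcTime": "2025-09-10 08:01:02", "ParentImage": _SVC, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\ManageEngine\ADManager Plus\scripts\onboard.bat"'},
    {"UtcTime": "2025-09-10 08:01:05", "ParentImage": _SVC,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc QUFBQQ=="},   # placeholder payload
    {"UtcTime": "2025-09-10 08:02:00", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"UtcTime": "2025-09-10 08:03:00", "ParentImage": _SVC,
     "Image": r"C:\ManageEngine\ADManager Plus\jre\bin\java.exe", "CommandLine": "java.exe -version"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.utc_time} {f.child}: {f.reason}")
```

A medium finding is expected whenever the Custom Script feature legitimately runs a batch file, so the baseline of approved scripts decides whether it is noise or a lead.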

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

  • Strictly limit network access to the ADManager Plus management interface to only trusted administrative subnets.
  • Enforce Multi-Factor Authentication (MFA) for all ADManager Plus accounts to make unauthorized access more difficult.
  • Use internal access control lists to restrict permissions for using the Custom Script feature to a minimal number of highly trusted administrators.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical 9.9 CVSS score and the administrative power of the ADManager Plus platform, we strongly recommend that organizations prioritize patching this vulnerability immediately. A compromise of this system provides a direct path to controlling the Active Directory environment. While there is no known active exploitation, the severity of the flaw means that it is highly likely to be targeted in the near future. Organizations should apply the vendor-supplied patch and implement the recommended monitoring controls without delay.