What is the vulnerability ID?

The vulnerability ID is CVE-2022-47577.

What is the severity of CVE-2022-47577?

The severity of CVE-2022-47577 is high, with a CVSS score of 7.8.

What is affected by CVE-2022-47577?

Zoho ManageEngine Device Control Plus version 10.1.2228.15 is affected by CVE-2022-47577.

What is the description of CVE-2022-47577?

CVE-2022-47577 is a security issue in Zoho ManageEngine Device Control Plus 10.1.2228.15 that allows bypassing USB restrictions.

How can I fix CVE-2022-47577?

To fix CVE-2022-47577, update Zoho ManageEngine Device Control Plus to a version that contains the security patch.

Vulnerability/
CVE-2022-47577

high

7.8

20/12/2022

21/11/2024

CVE-2022-47577

First published: Tue Dec 20 2022(Updated: )

** DISPUTED ** An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product."

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Device Control Plus	=10.1.2228.15
	=10.1.2228.15

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2022-47577.
What is the severity of CVE-2022-47577?
The severity of CVE-2022-47577 is high, with a CVSS score of 7.8.
What is affected by CVE-2022-47577?
Zoho ManageEngine Device Control Plus version 10.1.2228.15 is affected by CVE-2022-47577.
What is the description of CVE-2022-47577?
CVE-2022-47577 is a security issue in Zoho ManageEngine Device Control Plus 10.1.2228.15 that allows bypassing USB restrictions.
How can I fix CVE-2022-47577?
To fix CVE-2022-47577, update Zoho ManageEngine Device Control Plus to a version that contains the security patch.

agent/references
agent/type
agent/author
agent/status
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/tags
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
status/disputed
vendor/zohocorp
canonical/zohocorp manageengine device control plus
version/zohocorp manageengine device control plus/10.1.2228.15

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.