What is the severity of CVE-2022-47578?

The severity of CVE-2022-47578 is high with a CVSS score of 7.8.

How does CVE-2022-47578 affect Zoho ManageEngine Device Control Plus?

CVE-2022-47578 affects Zoho ManageEngine Device Control Plus 10.1.2228.15 by allowing USB restrictions to be bypassed.

How can I fix CVE-2022-47578?

To fix CVE-2022-47578, it is recommended to update Zoho ManageEngine Device Control Plus to the latest version.

Where can I find more information about CVE-2022-47578?

You can find more information about CVE-2022-47578 in the references provided: https://medium.com/nestedif/vulnerability-disclosure-business-logic-unauthorized-data-exfiltration-bypassing-dlp-zoho-cc51465ba84a and https://www.manageengine.com/device-control/how-to/device-control.html

Vulnerability/
CVE-2022-47578

high

7.8

CWE

288

20/12/2022

3/8/2024

CVE-2022-47578

First published: Tue Dec 20 2022(Updated: )

** DISPUTED ** An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Device Control Plus	=10.1.2228.15
	=10.1.2228.15

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-47578?
CVE-2022-47578 is an issue discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15 that allows bypassing USB restrictions.
What is the severity of CVE-2022-47578?
The severity of CVE-2022-47578 is high with a CVSS score of 7.8.
How does CVE-2022-47578 affect Zoho ManageEngine Device Control Plus?
CVE-2022-47578 affects Zoho ManageEngine Device Control Plus 10.1.2228.15 by allowing USB restrictions to be bypassed.
How can I fix CVE-2022-47578?
To fix CVE-2022-47578, it is recommended to update Zoho ManageEngine Device Control Plus to the latest version.
Where can I find more information about CVE-2022-47578?
You can find more information about CVE-2022-47578 in the references provided: https://medium.com/nestedif/vulnerability-disclosure-business-logic-unauthorized-data-exfiltration-bypassing-dlp-zoho-cc51465ba84a and https://www.manageengine.com/device-control/how-to/device-control.html

agent/references
agent/type
agent/author
agent/status
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/weakness
agent/tags
agent/event
status/disputed
vendor/zohocorp
canonical/zohocorp manageengine device control plus
version/zohocorp manageengine device control plus/10.1.2228.15

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.