ET EXPLOIT ManageEngine Desktop Central Unauthorized Administrative Password Reset (CVE-2015-2560)

SID: 2063356Rev: 16 views

Sourceet/open

CreatedJuly 8, 2025

UpdatedJuly 8, 2025

Classificationattempted-admin

alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT ManageEngine Desktop Central Unauthorized Administrative Password Reset (CVE-2015-2560)"; flow:established,to_server; http.uri; content:"/DCOperationsServlet"; content:"operation=addOrModifyUser"; content:"roleId=DCAdmin"; fast_pattern; reference:cve,2015-2560; classtype:attempted-admin; sid:2063356; rev:1; metadata:affected_product Zoho_ManageEngine, attack_target Server, created_at 2025_07_08, cve CVE_2015_2560, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_07_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

cve

2015-2560

Metadata

affected productZoho_ManageEngine

attack targetServer

created at2025_07_08

cveCVE-2015-2560

deploymentInternal

performance impactLow

confidenceHigh

signature severityMajor

tagExploit

updated at2025_07_08

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!