Skip to main content

Manageengine Assetexplorer CVE-2021-20109

HIGH
Out-of-bounds Write (CWE-787)
2021-07-19 vulnreport@tenable.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 19, 2021 - 15:15 nvd
HIGH 7.5

DescriptionNVD

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In AEAgent.cpp, the agent responding back over HTTP is vulnerable to a Heap Overflow if the POST payload response is too large. The POST payload response is converted to Unicode using vswprintf. This is written to a buffer only 0x2000 bytes big. If POST payload is larger, then heap overflow will occur.

AnalysisAI

Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In AEAgent.cpp, the agent responding back over HTTP is vulnerable to a Heap Overflow if the POST payload response is too large. The POST payload response is converted to Unicode using vswprintf. This is written to a buffer only 0x2000 bytes big. If POST payload is larger, then heap overflow will occur. Affected products include: Zohocorp Manageengine Assetexplorer.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2020-8838 MEDIUM POC
6.4 Mar 23

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. Rated medium severity (CVSS 6.4). Public exploit code av

CVE-2019-12597 MEDIUM POC
6.1 Jul 11

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remo

CVE-2019-12596 MEDIUM POC
6.1 Jul 11

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remo

CVE-2019-12595 MEDIUM POC
6.1 Jul 11

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remo

CVE-2019-12537 MEDIUM POC
6.1 Jul 11

An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remo

CVE-2021-20110 CRITICAL
9.8 Jul 19

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can stati

CVE-2023-6105 MEDIUM POC
5.5 Nov 15

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys bein

CVE-2015-2169 MEDIUM POC
4.3 Jun 24

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attacker

CVE-2019-12994 CRITICAL
9.1 Aug 08

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet v

CVE-2019-12959 HIGH
8.8 Aug 08

Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet

CVE-2023-35785 HIGH
8.1 Aug 28

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and bel

CVE-2019-14693 HIGH
8.1 Aug 08

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing lic

Share

CVE-2021-20109 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy