Manageengine Assetexplorer
CVE-2021-20109
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In AEAgent.cpp, the agent responding back over HTTP is vulnerable to a Heap Overflow if the POST payload response is too large. The POST payload response is converted to Unicode using vswprintf. This is written to a buffer only 0x2000 bytes big. If POST payload is larger, then heap overflow will occur.
AnalysisAI
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In AEAgent.cpp, the agent responding back over HTTP is vulnerable to a Heap Overflow if the POST payload response is too large. The POST payload response is converted to Unicode using vswprintf. This is written to a buffer only 0x2000 bytes big. If POST payload is larger, then heap overflow will occur. Affected products include: Zohocorp Manageengine Assetexplorer.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Manageengine Assetexplorer
View allAn issue was discovered in Zoho ManageEngine AssetExplorer 6.5. Rated medium severity (CVSS 6.4). Public exploit code av
An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remo
An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remo
An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remo
An issue was discovered in Zoho ManageEngine AssetExplorer. Rated medium severity (CVSS 6.1), this vulnerability is remo
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can stati
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys bein
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attacker
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer version 6.2.0 for the AJaxServlet servlet v
Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetExplorer 6.2.0 and before for the ClientUtilServlet
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and bel
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing lic
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today