CVE-2021-40539

Description

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.

References

https://veriti.ai/blog/vulnerable-villain-when-hackers-get-hacked/

https://fortifydata.com/blog/cve-2019-1653-cve-2019-1652-cve-2021-40539-cve-2021-27860-volt-typhoon/

https://www.zscaler.com/blogs/security-research/retrospective-avoslocker

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://www.trendmicro.com/en_hk/research/23/f/an-overview-of-the-trigona-ransomware.html

https://www.tenable.com/blog/volt-typhoon-cybersecurity-advisory

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a

https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report

https://www.tenable.com/blog/cve-2022-47523-manageengine-password-manager-pro-pam360-and-access-manager-plus-sql-injection

https://www.tenable.com/blog/cisa-top-20-cves-exploited-peoples-republic-of-china-state-sponsored-actors-aa22-279a

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.trendmicro.com/en_th/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html

https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.tenable.com/blog/cve-2021-44515-zoho-patches-manageengine-zero-day-exploited-in-the-wild

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

https://www.manageengine.com

http://packetstormsecurity.com/files/165085/ManageEngine-ADSelfService-Plus-Authentication-Bypass-Code-Execution.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3