Detections
Analytics
ManageEngine ADManager Plus < 7111 RCE
critical Nessus Plugin ID 153157
Language:
Synopsis
An Active Directory management application running on the remote host is affected by a remote code execution vulnerability.Description
The ManageEngine ADManager Plus running on the remote host is affected by a remote code execution vulnerability due to improper validation of user-supplied data. An unauthenticated, remote attacker can exploit this, via a specially crafted message that uploads a file, to execute arbitrary code on the remote host.Solution
Upgrade to ADManager Plus build 7111 or later.See Also
https://www.manageengine.com/products/ad-manager/release-notes.html
Plugin Details
Severity: Critical
ID: 153157
File Name: manageengine_admanager_plus_7111_rce.nbin
Version: 1.57
Type: remote
Family: CGI abuses
Published: 9/9/2021
Updated: 11/12/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-37931
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:zohocorp:manageengine_admanager_plus
Required KB Items: installed_sw/ManageEngine ADManager Plus
Exploit Ease: No known exploits are available
Patch Publication Date: 7/29/2021
Vulnerability Publication Date: 7/29/2021
Reference Information
CVE: CVE-2021-37539, CVE-2021-37741, CVE-2021-37761, CVE-2021-37762, CVE-2021-37918, CVE-2021-37922, CVE-2021-37926, CVE-2021-37928, CVE-2021-37929, CVE-2021-37930, CVE-2021-37931