PT-2021-21917 · Zoho · Zoho Manageengine Admanager Plus

Thai Nguyen

Published

2021-09-22

Updated

2021-09-29

CVE-2021-37925

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions prior to 7110

Description: The issue is related to a Post-Auth OS command injection. This means that after authentication, an attacker could potentially inject commands to the operating system, which could lead to unauthorized access or control.

Recommendations: For Zoho ManageEngine ADManager Plus versions prior to 7110, update to a version later than 7110 to resolve the issue. As a temporary workaround, consider restricting access to the administrative interface to minimize the risk of exploitation.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-37925

Affected Products

Zoho Manageengine Admanager Plus

PT-2021-21917 · Zoho · Zoho Manageengine Admanager Plus

CVE-2021-37925

Weakness Enumeration

Related Identifiers

Affected Products

References · 5