PT-2021-23700 · Zoho · Zoho Remote Access Plus Server

Published: 2021-11-17 · Updated: 2022-07-12 · CVE-2021-42955

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoho Remote Access Plus Server Windows Desktop binary versions prior to 10.1.2132

Description

The issue allows any non-admin Windows user to reset the password of the Remote Access Plus Server Admin account because of how the password reset mechanism is designed.

Recommendations

For versions prior to 10.1.2132, update to version 10.1.2132 to resolve the issue.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2021-42955

Affected Products

Zoho Remote Access Plus Server