CVE-2021-20136

ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.tenable.com/security/research/tra-2021-48	Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2021-48	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_log360::::::::
	cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5232::::::
	cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5233::::::
	cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5234::::::

History

21 Nov 2024, 05:45

Type	Values Removed	Values Added
References	~~() https://www.tenable.com/security/research/tra-2021-48 - Exploit, Third Party Advisory~~	() https://www.tenable.com/security/research/tra-2021-48 - Exploit, Third Party Advisory

Information

Published : 2021-11-01 21:15

Updated : 2024-11-21 05:45

NVD link : CVE-2021-20136

Mitre link : CVE-2021-20136

CVE.ORG link : CVE-2021-20136

JSON object : View

Products Affected

zohocorp

manageengine_log360

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2021-20136", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-11-01T21:15:07.620", "references": [{"url": "https://www.tenable.com/security/research/tra-2021-48", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2021-48", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup."}, {"lang": "es", "value": "ManageEngine Log360 Compilaciones anteriores a 5235, est\u00e1n afectadas por una vulnerabilidad de control de acceso inapropiada que permite sobrescribir la configuraci\u00f3n de la base de datos. Un atacante remoto no autenticado puede enviar un mensaje especialmente dise\u00f1ado a Log360 para cambiar su base de datos backend a una base de datos controlada por el atacante y forzar a Log360 a reiniciarse. Un atacante puede aprovechar esta vulnerabilidad para lograr una ejecuci\u00f3n de c\u00f3digo remota mediante la sustituci\u00f3n de los archivos ejecutados por Log360 al iniciarse"}], "lastModified": "2024-11-21T05:45:59.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCD8554A-4647-41A9-BAE8-2980B81FC7FC", "versionEndIncluding": "5.2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5232:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE41F064-AE35-4E88-BD20-1B32022FFACD"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5233:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFC3D01A-4F7C-497D-A98C-3A35338C8825"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5234:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BC3ECB9-8646-45EC-83B6-375F0CEF27AC"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}