Lucene search

[email protected]CVE-2021-43319

HistoryNov 30, 2021 - 7:15 p.m.

CVE-2021-43319

2021-11-3019:15:10

CWE-77

[email protected]

web.nvd.nist.gov

cve-2021-43319

zoho

network configuration manager

command injection

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality.

Affected configurations

NVD

Node

zohocorpmanageengine_network_configuration_managerMatch11.0-

zohocorpmanageengine_network_configuration_managerMatch11.0build11000

zohocorpmanageengine_network_configuration_managerMatch12.0-

zohocorpmanageengine_network_configuration_managerMatch12.0build12000

zohocorpmanageengine_network_configuration_managerMatch12.1-

zohocorpmanageengine_network_configuration_managerMatch12.1build12100

zohocorpmanageengine_network_configuration_managerMatch12.2-

zohocorpmanageengine_network_configuration_managerMatch12.2build12200

zohocorpmanageengine_network_configuration_managerMatch12.3-

zohocorpmanageengine_network_configuration_managerMatch12.3build12300

zohocorpmanageengine_network_configuration_managerMatch12.3build123008

zohocorpmanageengine_network_configuration_managerMatch12.3build123023

zohocorpmanageengine_network_configuration_managerMatch12.3build123035

zohocorpmanageengine_network_configuration_managerMatch12.3build123052

zohocorpmanageengine_network_configuration_managerMatch12.3build123055

zohocorpmanageengine_network_configuration_managerMatch12.3build123057

zohocorpmanageengine_network_configuration_managerMatch12.3build123064

zohocorpmanageengine_network_configuration_managerMatch12.3build123069

zohocorpmanageengine_network_configuration_managerMatch12.3build123070

zohocorpmanageengine_network_configuration_managerMatch12.3build123083

zohocorpmanageengine_network_configuration_managerMatch12.3build123091

zohocorpmanageengine_network_configuration_managerMatch12.3build123105

zohocorpmanageengine_network_configuration_managerMatch12.3build123106

zohocorpmanageengine_network_configuration_managerMatch12.3build123123

zohocorpmanageengine_network_configuration_managerMatch12.3build123129

zohocorpmanageengine_network_configuration_managerMatch12.3build123137

zohocorpmanageengine_network_configuration_managerMatch12.3build123151

zohocorpmanageengine_network_configuration_managerMatch12.3build123156

zohocorpmanageengine_network_configuration_managerMatch12.3build123159

zohocorpmanageengine_network_configuration_managerMatch12.3build123169

zohocorpmanageengine_network_configuration_managerMatch12.3build123177

zohocorpmanageengine_network_configuration_managerMatch12.3build123179

zohocorpmanageengine_network_configuration_managerMatch12.3build123191

zohocorpmanageengine_network_configuration_managerMatch12.3build123194

zohocorpmanageengine_network_configuration_managerMatch12.3build123206

zohocorpmanageengine_network_configuration_managerMatch12.3build123207

zohocorpmanageengine_network_configuration_managerMatch12.3build123214

zohocorpmanageengine_network_configuration_managerMatch12.3build123215

zohocorpmanageengine_network_configuration_managerMatch12.3build123217

zohocorpmanageengine_network_configuration_managerMatch12.3build123218

zohocorpmanageengine_network_configuration_managerMatch12.3build123222

zohocorpmanageengine_network_configuration_managerMatch12.3build123223

zohocorpmanageengine_network_configuration_managerMatch12.3build123231

zohocorpmanageengine_network_configuration_managerMatch12.3build123237

zohocorpmanageengine_network_configuration_managerMatch12.3build123239

zohocorpmanageengine_network_configuration_managerMatch12.3build123274

zohocorpmanageengine_network_configuration_managerMatch12.3build123277

zohocorpmanageengine_network_configuration_managerMatch12.3build123279

zohocorpmanageengine_network_configuration_managerMatch12.3build123288

zohocorpmanageengine_network_configuration_managerMatch12.3build123304

zohocorpmanageengine_network_configuration_managerMatch12.3build123306

zohocorpmanageengine_network_configuration_managerMatch12.3build123312

zohocorpmanageengine_network_configuration_managerMatch12.3build123323

zohocorpmanageengine_network_configuration_managerMatch12.3build123327

zohocorpmanageengine_network_configuration_managerMatch12.4-

zohocorpmanageengine_network_configuration_managerMatch12.4build124000

zohocorpmanageengine_network_configuration_managerMatch12.4build124022

zohocorpmanageengine_network_configuration_managerMatch12.4build124024

zohocorpmanageengine_network_configuration_managerMatch12.4build124026

zohocorpmanageengine_network_configuration_managerMatch12.4build124031

zohocorpmanageengine_network_configuration_managerMatch12.4build124041

zohocorpmanageengine_network_configuration_managerMatch12.4build124043

zohocorpmanageengine_network_configuration_managerMatch12.4build124057

zohocorpmanageengine_network_configuration_managerMatch12.4build124073

zohocorpmanageengine_network_configuration_managerMatch12.4build124079

zohocorpmanageengine_network_configuration_managerMatch12.4build124094

zohocorpmanageengine_network_configuration_managerMatch12.4build124095

zohocorpmanageengine_network_configuration_managerMatch12.4build124098

zohocorpmanageengine_network_configuration_managerMatch12.4build124099

zohocorpmanageengine_network_configuration_managerMatch12.4build124103

zohocorpmanageengine_network_configuration_managerMatch12.4build124104

zohocorpmanageengine_network_configuration_managerMatch12.4build124168

zohocorpmanageengine_network_configuration_managerMatch12.4build124172

zohocorpmanageengine_network_configuration_managerMatch12.4build124176

zohocorpmanageengine_network_configuration_managerMatch12.4build124177

zohocorpmanageengine_network_configuration_managerMatch12.4build124181

zohocorpmanageengine_network_configuration_managerMatch12.4build124186

zohocorpmanageengine_network_configuration_managerMatch12.4build124188

zohocorpmanageengine_network_configuration_managerMatch12.4build124196

zohocorpmanageengine_network_configuration_managerMatch12.5-

zohocorpmanageengine_network_configuration_managerMatch12.5build125000

zohocorpmanageengine_network_configuration_managerMatch12.5build125108

zohocorpmanageengine_network_configuration_managerMatch12.5build125112

zohocorpmanageengine_network_configuration_managerMatch12.5build125115

zohocorpmanageengine_network_configuration_managerMatch12.5build125116

zohocorpmanageengine_network_configuration_managerMatch12.5build125120

zohocorpmanageengine_network_configuration_managerMatch12.5build125121

zohocorpmanageengine_network_configuration_managerMatch12.5build125125

zohocorpmanageengine_network_configuration_managerMatch12.5build125129

zohocorpmanageengine_network_configuration_managerMatch12.5build125136

zohocorpmanageengine_network_configuration_managerMatch12.5build125142

zohocorpmanageengine_network_configuration_managerMatch12.5build125149

zohocorpmanageengine_network_configuration_managerMatch12.5build125180

zohocorpmanageengine_network_configuration_managerMatch12.5build125195

zohocorpmanageengine_network_configuration_managerMatch12.5build125199

zohocorpmanageengine_network_configuration_managerMatch12.5build125212

zohocorpmanageengine_network_configuration_managerMatch12.5build125213

zohocorpmanageengine_network_configuration_managerMatch12.5build125216

zohocorpmanageengine_network_configuration_managerMatch12.5build125228

zohocorpmanageengine_network_configuration_managerMatch12.5build125232

zohocorpmanageengine_network_configuration_managerMatch12.5build125233

zohocorpmanageengine_network_configuration_managerMatch12.5build125234

zohocorpmanageengine_network_configuration_managerMatch12.5build125323

zohocorpmanageengine_network_configuration_managerMatch12.5build125325

zohocorpmanageengine_network_configuration_managerMatch12.5build125327

zohocorpmanageengine_network_configuration_managerMatch12.5build125329

zohocorpmanageengine_network_configuration_managerMatch12.5build125343

zohocorpmanageengine_network_configuration_managerMatch12.5build125345

zohocorpmanageengine_network_configuration_managerMatch12.5build125358

zohocorpmanageengine_network_configuration_managerMatch12.5build125362

zohocorpmanageengine_network_configuration_managerMatch12.5build125363

zohocorpmanageengine_network_configuration_managerMatch12.5build125378

zohocorpmanageengine_network_configuration_managerMatch12.5build125392

zohocorpmanageengine_network_configuration_managerMatch12.5build125399

zohocorpmanageengine_network_configuration_managerMatch12.5build125417

zohocorpmanageengine_network_configuration_managerMatch12.5build125436

zohocorpmanageengine_network_configuration_managerMatch12.5build125445

zohocorpmanageengine_network_configuration_managerMatch12.5build125455

zohocorpmanageengine_network_configuration_managerMatch12.5build125465

zohocorpmanageengine_network_configuration_managerMatch12.5build125469

zohocorpmanageengine_network_configuration_managerMatch12.5build125471

zohocorpmanageengine_network_configuration_managerMatch12.5build125482

zohocorpmanageengine_network_configuration_managerMatch12.5build125483

zohocorpmanageengine_network_configuration_managerMatch12.5build125485

CPENameOperatorVersion
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq11.0
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq12.0
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq12.1
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq12.2
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq12.3
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq12.4
zohocorp:manageengine_network_configuration_managerzohocorp manageengine network configuration managereq12.5

CPE	Name	Operator	Version
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	11.0
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	12.0
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	12.1
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	12.2
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	12.3
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	12.4
zohocorp:manageengine_network_configuration_manager	zohocorp manageengine network configuration manager	eq	12.5

References

manageengine.com

www.manageengine.com/network-configuration-manager/release-notes.html#125488

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

Related for CVE-2021-43319

cvelist1 nvd1 cnvd1 checkpoint_advisories1 prion1