CVE-2021-20109
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-20109
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In AEAgent.cpp, the agent responding back over HTTP is vulnerable to a Heap Overflow if the POST payload response is too large. The POST payload response is converted to Unicode using vswprintf. This is written to a buffer only 0x2000 bytes big. If POST payload is larger, then heap overflow will occur.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZOHO ManageEngine AssetExplorer 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZOHO ManageEngine AssetExplorer是美国卓豪(ZOHO)公司的一套资产管理软件。该软件提供资产跟踪、IT资产的扫描和资产所有权的跟踪等功能。 ZOHO ManageEngine AssetExplorer 存在信任管理问题漏洞,该漏洞允许攻击者可利用该漏洞向网络上的侦听代理发送一个NEWSCAN请求,并接收代理的HTTP请求来验证其身份验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Manage Engine Asset Explorer Agent | 1.0.34 | - |
II. Public POCs for CVE-2021-20109
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-20109
请登录查看更多情报信息。
Same Patch Batch · n/a · 2021-07-19 · 35 CVEs total
| CVE-2021-33027 | Sylabs Singularity 安全特征问题漏洞 | |
| CVE-2021-20108 | ZOHO ManageEngine AssetExplorer 安全漏洞 | |
| CVE-2021-35449 | Lexmark Universal Print Driver 安全漏洞 | |
| CVE-2021-34817 | Etherpad 跨站脚本漏洞 | |
| CVE-2021-32014 | SheetJS Pro 资源管理错误漏洞 | |
| CVE-2021-32013 | SheetJS Pro 资源管理错误漏洞 | |
| CVE-2021-32012 | SheetJS Pro 资源管理错误漏洞 | |
| CVE-2021-31216 | Siren Investigate 代码问题漏洞 | |
| CVE-2021-3279 | Fortics sz.chat 跨站脚本漏洞 | |
| CVE-2021-20110 | ZOHO ManageEngine AssetExplorer 信任管理问题漏洞 | |
| CVE-2021-33501 | Overwolf 跨站脚本漏洞 | |
| CVE-2020-36421 | Arm Mbed TLS 安全漏洞 | |
| CVE-2020-36422 | Arm Mbed TLS 安全漏洞 | |
| CVE-2020-36423 | Arm Mbed TLS 安全漏洞 | |
| CVE-2020-36424 | Arm Mbed TLS 安全漏洞 | |
| CVE-2020-36425 | ARM mbed TLS 信任管理问题漏洞 | |
| CVE-2020-36426 | ARM mbed TLS 缓冲区错误漏洞 | |
| CVE-2020-22650 | AlienVault Ossim 安全漏洞 | |
| CVE-2021-31590 | PwnDoc 安全漏洞 | |
| CVE-2021-34618 | Aruba Networks Instant 资源管理错误漏洞 |
Showing top 20 of 35 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2021-20109
No comments yet