7.8 - CVE-2021-42955

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2021-42955	First vendor Publication	2021-11-17
Vendor	Cve	Last vendor Modification	2022-07-12

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7.8
Base Score	7.8	Environmental Score	7.8
impact SubScore	5.9	Temporal Score	7.8
Exploitabality Sub Score	1.8

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42955

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-732	Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Zohocorp Manageengine Remote Access Plus cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.447:::::::* cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.259:::::::* cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.258:::::::* cpe:2.3:a:zohocorp:manageengine_remote_access_plus::::::::	4