CVE-2021-41833
Zoho ManageEngine Patch Connect Plus vulnerability analysis and mitigation

Overview

CVE-2021-41833 is a critical security vulnerability affecting Zoho ManageEngine Patch Connect Plus versions before build 90099. Discovered and disclosed in October 2021, it allows unauthenticated remote code execution on affected systems (NVD, Vendor Advisory).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vector indicates that the vulnerability is reachable over the network with low attack complexity and requires no privileges or user interaction to exploit. It is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD).

Impact

The vulnerability allows attackers to execute code remotely on affected systems without any authentication. This could lead to complete system compromise, with potential impacts including unauthorized access to sensitive data, system modification, and service disruption (NVD).

Mitigation and workarounds

Zoho has released a fix for this vulnerability in build 90099. Organizations using affected versions of ManageEngine Patch Connect Plus should immediately upgrade to this version or later to address the vulnerability (Vendor Advisory).

Source: This report was generated using AI

Related Zoho ManageEngine Patch Connect Plus vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2021-41833 | CRITICAL | 9.8 | Zoho ManageEngine Patch Connect Plus | cpe:2.3:a:zohocorp:manageengine_patch_connect_plus | No | No | Nov 11, 2021 |
| CVE-2019-12133 | HIGH | 7.8 | Zoho ManageEngine EventLog Analyzer | cpe:2.3:a:zohocorp:manageengine_patch_connect_plus | No | Yes | Jun 18, 2019 |
| CVE-2023-6105 | MEDIUM | 5.5 | Zoho ManageEngine ServiceDesk Plus | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus | No | Yes | Nov 15, 2023 |
