CVE-2021-42847: 
Zoho ManageEngine ADAudit Plus vulnerability analysis and mitigation

Zoho ManageEngine ADAudit Plus before build 7006 contains a vulnerability (CVE-2021-42847) that allows attackers to write to and execute arbitrary files. This vulnerability was disclosed on November 11, 2021, affecting the ADAudit Plus application, a critical audit and compliance solution for Active Directory environments (NVD).

The vulnerability exists in the GPO Watcher endpoint at /api/agent/tabs/agentGPOWatcherData, which is susceptible to a directory traversal attack via the Html_fileName parameter in POST requests. By manipulating this parameter and setting the htmlReport parameter to malicious command content, attackers can create and execute arbitrary files on the target system. The vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (AttackerKB).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code as the user running ADAudit Plus, which typically has local administrator privileges. This could lead to complete system compromise, allowing attackers to gain unauthorized access to sensitive information, modify system configurations, and potentially establish persistent access to the affected system (Rapid7 Blog).

Organizations should upgrade their ManageEngine ADAudit Plus installations to build 7006 or later to address this vulnerability. The vendor has released patches to fix the issue (Vendor Advisory).