CVE-2021-20108

{"id": "CVE-2021-20108", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-07-19T15:15:07.637", "references": [{"url": "https://www.tenable.com/security/research/tra-2021-29", "tags": ["Third Party Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed (due to authtoken validation), the Asset Explorer agent will reach out to the manage engine server for an HTTP request. During this process, AEAgent.cpp allocates 0x66 bytes using \"malloc\". This memory is never free-ed in the program, causing a memory leak. Additionally, the instruction sent to aeagent (ie: NEWSCAN, DELTASCAN, etc) is converted to a unicode string, but is never freed. These memory leaks allow a remote attacker to exploit a Denial of Service scenario through repetitively sending these commands to an agent and eventually crashing it the agent due to an out-of-memory condition."}, {"lang": "es", "value": "Manage Engine Asset Explorer Agent versi\u00f3n 1.0.34, escucha en el puerto 9000 los comandos entrantes sobre HTTPS desde el Servidor de Manage Engine. Los certificados HTTPS no est\u00e1n comprobados, lo que permite a cualquier usuario arbitrario de la red enviar comandos a trav\u00e9s del puerto 9000. Mientras que estos comandos no pueden ser ejecutados (debido a la comprobaci\u00f3n de authtoken), el agente de Asset Explorer llegar\u00e1 al servidor del motor de administraci\u00f3n para una petici\u00f3n HTTP. Durante este proceso, el archivo AEAgent.cpp asigna 0x66 bytes usando \"malloc\". Esta memoria nunca se libera en el programa, causando una p\u00e9rdida de memoria. Adicionalmente, la instrucci\u00f3n enviada a aeagent (es decir, NEWSCAN, DELTASCAN, etc) es convertida en una cadena unicode, pero nunca se libera. Estas p\u00e9rdidas de memoria permiten a un atacante remoto explotar un escenario de Denegaci\u00f3n de Servicio mediante el env\u00edo repetitivo de estos comandos a un agente y eventualmente bloquearlo debido a una condici\u00f3n de falta de memoria"}], "lastModified": "2021-07-28T12:55:10.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:1.0.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED9862E-512A-4A1A-98F7-845ED9A62C44"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}