Vulnerability Details CVE-2021-41829
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.061
EPSS Ranking 90.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://medium.com/nestedif/vulnerability-disclosure-statically-derived-encryption-key-zoho-r-a-p-907088263197
- https://www.manageengine.com/remote-desktop-management/hotfix-readme.html
- https://medium.com/nestedif/vulnerability-disclosure-statically-derived-encryption-key-zoho-r-a-p-907088263197
- https://www.manageengine.com/remote-desktop-management/hotfix-readme.html
Products affected by CVE-2021-41829
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:-
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.252
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.253
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.254
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.255
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.256
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.257
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.258
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.259
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.415
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.416
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.421
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.422
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.428
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.430
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.431
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.432
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.433
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.434
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.435
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.436
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.440
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.447
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.448
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.450
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.451
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.452
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.453
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.454
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.465
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.466
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.468
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.469
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.472
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.473
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.476
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.1.2119.1