Update Details
Update #3447 (12/14/2021)
2 new signatures:
| HIGH | HTTP:STC:DL:CVE-2021-43883-EOP | HTTP: Windows Installer CVE-2021-43883 Elevation of Privilege |
| HIGH | HTTP:CTS:ZOHO-MGN-ENG-AUTHBYPAS | HTTP: Zoho ManageEngine ServiceDesk Plus Authentication Bypass |
1 updated signature:
| HIGH | HTTP:MISC:DOLIBARR-ERP-COMM-INJ | HTTP: Dolibarr ERP & CRM 3 Post Authentication Command Injection |
Details of the signatures included within this bulletin:
HTTP:STC:DL:CVE-2021-43883-EOP - HTTP: Windows Installer CVE-2021-43883 Elevation of Privilege
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2021-43883
Affected Products:
- Microsoft windows_server 20h2
- Microsoft windows_10 20h2
- Microsoft windows_10 2004
- Microsoft windows_10 1809
- Microsoft windows_10 21h2
- Microsoft windows_server_2008 r2
- Microsoft windows_server_2016
- Microsoft windows_rt_8.1
- Microsoft windows_10
- Microsoft windows_server_2012
- Microsoft windows_server 2022
- Microsoft windows_10 21h1
- Microsoft windows_8.1
- Microsoft windows_server_2019
- Microsoft windows_7
- Microsoft windows_server 2004
- Microsoft windows_10 1909
- Microsoft windows_11
- Microsoft windows_10 1607
- Microsoft windows_server_2012 r2
HTTP:MISC:DOLIBARR-ERP-COMM-INJ - HTTP: Dolibarr ERP & CRM 3 Post Authentication Command Injection
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Dolibarr ERP. A successful exploit can lead to remote command execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
- cve: CVE-2021-33816
Affected Products:
- Dolibarr dolibarr 13.0.2
HTTP:CTS:ZOHO-MGN-ENG-AUTHBYPAS - HTTP: Zoho ManageEngine ServiceDesk Plus Authentication Bypass
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine. A successful attack can lead to security bypass.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, srx-19.4, vsrx3bsd-19.4, srx-branch-19.4, vsrx-19.4, vmx-19.4, mx-19.4, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
- url: https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302
- cve: CVE-2021-37415
Affected Products:
- Zohocorp manageengine_servicedesk_plus 11.3
- Zohocorp manageengine_servicedesk_plus 11.1
- Zohocorp manageengine_servicedesk_plus 11.2
- Zohocorp manageengine_servicedesk_plus 11.0