CVE-2020-29658

9.8 CRITICAL

📋 TL;DR

This vulnerability in Zoho ManageEngine Application Control Plus lets an attacker abuse an insecure SSL configuration in the bundled Nginx web server to escalate privileges. It affects every installation running a build before 100523. A successful attacker could gain administrative access to the application.

💻 Affected Systems

Products:
  • Zoho ManageEngine Application Control Plus
Versions: All versions before 100523
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with the vulnerable SSL configuration are affected.

📦 What is this software?

Zoho ManageEngine Application Control Plus is an endpoint security product for enforcing application allowlisting and blocklisting and for controlling application privileges on managed endpoints. Its server component ships with an Nginx web server, which is where the insecure SSL configuration lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges leading to complete control over the ManageEngine Application Control Plus instance and potential lateral movement.

🟠 Likely Case

Privilege escalation allowing attackers to modify application settings, access sensitive data, or execute arbitrary commands within the application context.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows privilege escalation which could lead to significant internal compromise.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The weakness is a configuration flaw rather than a memory-safety bug, so it needs little technical skill to exploit once the specific misconfiguration is known. No public proof of concept is recorded here, so the "weaponized" rating is an estimate, not an observation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 100523 and later

Vendor Advisory: https://www.manageengine.com/application-control/knowledge-base/privilege-escalation-vulnerability-open-SSL.html

Restart Required: Yes

Instructions:

1. Obtain build 100523 or later, either by downloading it from the ManageEngine website or through the application's built-in update mechanism.
2. Install the update.
3. Restart the Application Control Plus service so the corrected SSL configuration is loaded.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to the Application Control Plus instance to only trusted IP addresses.

Firewall Rules (all platforms)

Implement firewall rules to block external access to the vulnerable service ports.

🧯 If You Can't Patch

  • Isolate the vulnerable system from the internet and restrict internal access
  • Implement strict access controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Any build before 100523 is vulnerable. Compare the installed build number against that value.

Check Version:

The build number is shown in the web console and in the version information in the installation directory.

Verify Fix Applied:

Confirm the build number is 100523 or later and that the service has been restarted since the update, so the corrected SSL configuration is actually in use; an updated but unrestarted service is still running the old configuration.
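As an added example (not vendor tooling, and not code from the original page), the following Python script pulls a six-digit ManageEngine build number out of version text and compares it with the fixed build. The sample text, the `buildnumber=` layout and the idea of reading it from a file are assumptions; point it at whatever file or console output actually carries the build number on your install.

```python
import re
import sys
from pathlib import Path
from typing import Optional

FIXED_BUILD = 100523  # first build carrying the fix, per the advisory above

# Constructed sample of version text; the key name and layout are assumed,
# not a documented Application Control Plus file format.
SAMPLE_VERSION_TEXT = """productname=Application Control Plus
buildnumber=100511
"""

# Accept "buildnumber=100511", "Build Number: 100523", "Build 100530", etc.
_BUILD_RE = re.compile(r"build\s*(?:number|no\.?)?\s*[:=]?\s*(\d{6})", re.IGNORECASE)


def parse_build_number(text: str) -> Optional[int]:
    """Return the first six-digit build number found in text, or None."""
    m = _BUILD_RE.search(text)
    return int(m.group(1)) if m else None


def is_vulnerable(build: int, fixed: int = FIXED_BUILD) -> bool:
    """Builds strictly below the fixed build are affected."""
    return build < fixed


def assess(text: str) -> dict:
    """Parse and judge a block of version text; unknown builds are reported, not guessed."""
    build = parse_build_number(text)
    if build is None:
        return {"build": None, "vulnerable": None,
                "verdict": "unknown: no build number found in the supplied text"}
    vuln = is_vulnerable(build)
    state = "VULNERABLE" if vuln else "fixed"
    return {"build": build, "vulnerable": vuln,
            "verdict": f"build {build} is {state} (fix shipped in {FIXED_BUILD} and later)"}


def assess_file(path: str) -> dict:
    """Assess a version file on disk (path supplied by the operator)."""
    return assess(Path(path).read_text(errors="replace"))


if __name__ == "__main__":
    result = assess_file(sys.argv[1]) if len(sys.argv) > 1 else assess(SAMPLE_VERSION_TEXT)
    print(result["verdict"])
```

Run it with the path to the file that holds the build number, or with no argument to see it judge the constructed sample (build 100511, which is below the fix). A version check alone says nothing about whether the service was restarted after the update, so pair it with a service-uptime check.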

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts
  • Privilege escalation attempts in application logs
  • Configuration changes to SSL settings

Network Indicators:

  • Unusual traffic patterns to the Application Control Plus service
  • SSL negotiation anomalies

SIEM Query:

source="manageengine-appcontrol" AND (event_type="privilege_escalation" OR event_type="auth_failure")

The source and field names above are illustrative; map them to whatever names your log pipeline assigns to Application Control Plus events before relying on the query.
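As an added example (not code from the original page or from the vendor), the following Python implements the query above over key=value log lines and then goes one step further than the query: it flags source addresses with a burst of authentication failures and reports any privilege-escalation event from those same addresses. The log lines are constructed, and the field names (`ts`, `source`, `event_type`, `src_ip`, `user`, `ssl_config_change`) are assumptions rather than a documented Application Control Plus log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set

# Constructed sample events; field names mirror the SIEM query above and are assumed.
SAMPLE_LOGS = [
    'ts=2020-12-10T09:00:01Z source="manageengine-appcontrol" event_type="auth_failure" src_ip="198.51.100.7" user="admin"',
    'ts=2020-12-10T09:00:03Z source="manageengine-appcontrol" event_type="auth_failure" src_ip="198.51.100.7" user="admin"',
    'ts=2020-12-10T09:00:05Z source="manageengine-appcontrol" event_type="auth_failure" src_ip="198.51.100.7" user="admin"',
    'ts=2020-12-10T09:00:09Z source="manageengine-appcontrol" event_type="login_success" src_ip="10.0.0.5" user="helpdesk"',
    'ts=2020-12-10T09:00:12Z source="manageengine-appcontrol" event_type="privilege_escalation" src_ip="198.51.100.7" user="helpdesk" new_role="Administrator"',
    'ts=2020-12-10T09:00:15Z source="other-app" event_type="auth_failure" src_ip="203.0.113.9" user="root"',
    'ts=2020-12-10T09:05:30Z source="manageengine-appcontrol" event_type="ssl_config_change" src_ip="10.0.0.5" user="admin"',
]

QUERY_SOURCE = "manageengine-appcontrol"
QUERY_EVENT_TYPES = {"privilege_escalation", "auth_failure"}
CONFIG_EVENT_TYPES = {"ssl_config_change"}  # assumed name for the "SSL settings changed" indicator

# key=value pairs, value either double-quoted (may contain spaces) or bare.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict; quoted and bare values both accepted."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV_RE.finditer(line)}


def matches_query(ev: Dict[str, str]) -> bool:
    """Literal semantics of the SIEM query: source AND (event_type OR event_type)."""
    return ev.get("source") == QUERY_SOURCE and ev.get("event_type") in QUERY_EVENT_TYPES


def run_query(lines: Iterable[str]) -> List[Dict[str, str]]:
    return [ev for ev in map(parse_event, lines) if matches_query(ev)]


def _ts(ev: Dict[str, str]) -> datetime:
    return datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))


def brute_force_sources(events: Iterable[Dict[str, str]], threshold: int = 3,
                        window: timedelta = timedelta(minutes=1)) -> Set[str]:
    """Source IPs with at least `threshold` auth_failure events inside one sliding window."""
    by_ip: Dict[str, List[datetime]] = defaultdict(list)
    for ev in events:
        if ev.get("source") == QUERY_SOURCE and ev.get("event_type") == "auth_failure" and "src_ip" in ev:
            by_ip[ev["src_ip"]].append(_ts(ev))
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(ip)
                break
    return flagged


def escalations_from(events: Iterable[Dict[str, str]], suspects: Set[str]) -> List[Dict[str, str]]:
    """Privilege-escalation events coming from already-suspicious addresses."""
    return [ev for ev in events
            if ev.get("event_type") == "privilege_escalation" and ev.get("src_ip") in suspects]


def config_changes(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """SSL configuration changes, the third log indicator listed above."""
    return [ev for ev in events if ev.get("event_type") in CONFIG_EVENT_TYPES]


if __name__ == "__main__":
    events = [parse_event(line) for line in SAMPLE_LOGS]
    suspects = brute_force_sources(events)
    print("query hits:", len(run_query(SAMPLE_LOGS)))
    print("brute-force sources:", sorted(suspects))
    for ev in escalations_from(events, suspects):
        print("ALERT escalation after auth failures:", ev["src_ip"], ev.get("user"), ev.get("new_role"))
    for ev in config_changes(events):
        print("NOTICE SSL config changed by", ev.get("user"), "from", ev.get("src_ip"))
```

On the constructed sample the query alone returns four rows (three failures plus one escalation); the correlation step is what turns that into a single actionable alert, since the escalation comes from the same address that just failed three logins in four seconds. Tune the threshold and window to your own baseline before deploying.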

🔗 References

  • Vendor advisory: https://www.manageengine.com/application-control/knowledge-base/privilege-escalation-vulnerability-open-SSL.html
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-29658
