CVE-2021-40172

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against Zoho ManageEngine Log360 proxy settings. Attackers can trick authenticated administrators into changing proxy configurations, potentially redirecting sensitive log data. Organizations using Log360 versions before Build 5219 are affected.

💻 Affected Systems

Products:
  • Zoho ManageEngine Log360
Versions: All versions before Build 5219
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments with proxy configuration capability enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers redirect all log traffic through malicious proxy servers, intercepting sensitive security logs, credentials, and system data while maintaining persistence.

🟠 Likely Case

Attackers redirect specific log data to collect credentials or sensitive information, potentially leading to further system compromise.

🟢 If Mitigated

With proper CSRF protections and network segmentation, impact is limited to configuration changes that can be detected and reverted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated administrator interaction, but CSRF attacks are well understood and easily weaponized.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Build 5219 or later

Vendor Advisory: https://www.manageengine.com/log-management/readme.html#Build%205219

Restart Required: Yes

Instructions:

1. Download Log360 Build 5219 or later from the ManageEngine website.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the Log360 service.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all proxy configuration forms.

Restrict Proxy Configuration Access (applies to: all)

Limit access to the proxy settings page to specific admin accounts only.

🧯 If You Can't Patch

  • Implement network segmentation to isolate Log360 from internet access
  • Monitor proxy configuration changes and implement change control procedures

🔍 How to Verify

Check if Vulnerable:

Check Log360 version in web interface under Help > About or via command line: java -jar log360.jar --version

Check Version:

java -jar log360.jar --version

Verify Fix Applied:

Verify that the version is Build 5219 or higher and test the proxy configuration forms for CSRF tokens.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected proxy configuration changes
  • Administrator account accessing proxy settings from unusual IPs

Network Indicators:

  • Log traffic redirected to unexpected destinations
  • Outbound connections to unknown proxy servers

SIEM Query:

source="Log360" AND (event="Proxy Configuration Change" OR event="Settings Modified")
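The log indicators above, turned into a small offline check, as an added example that is not part of this advisory or of Log360 itself. It assumes a simplified "user=/src=/event=" log layout and a trusted admin subnet (both constructed here), and it flags the pattern a CSRF-driven change produces: the request comes from the administrator's own workstation, so the source address looks normal and the unexpected proxy target is the stronger signal.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption: where administrators normally log in from (not a Log360 setting).
TRUSTED_ADMIN_NETS = [ip_network("10.0.5.0/24")]
# Event names taken from the SIEM query above.
PROXY_EVENTS = {"Proxy Configuration Change", "Settings Modified"}
FIXED_BUILD = 5219  # first fixed build per the vendor advisory

# Assumed, constructed log layout; Log360's real audit format may differ.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) '
    r'event="(?P<event>[^"]+)"(?: proxy=(?P<proxy>\S+))?$'
)

def parse_line(line):
    """Return a dict of fields, or None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_vulnerable_build(build):
    """True for any build earlier than the fixed build."""
    return build < FIXED_BUILD

def find_proxy_changes(lines, approved_proxies=frozenset()):
    """Return every proxy-related event with a list of reasons it looks suspicious.
    An empty reasons list means the change came from a trusted address and
    points at an approved proxy; a CSRF-driven change usually has the first
    property but not the second."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["event"] not in PROXY_EVENTS:
            continue
        reasons = []
        try:
            src = ip_address(rec["src"])
        except ValueError:
            src = None
            reasons.append("unparsable source address")
        if src is not None and not any(src in net for net in TRUSTED_ADMIN_NETS):
            reasons.append("admin change from outside trusted network")
        if rec["proxy"] and rec["proxy"] not in approved_proxies:
            reasons.append(f"proxy target not on approved list: {rec['proxy']}")
        alerts.append({**rec, "reasons": reasons})
    return alerts

# Constructed sample lines: a normal change, a change to an unknown proxy from
# the admin's usual address (the CSRF pattern), and a change from an odd address.
SAMPLE_LOGS = [
    '2021-08-20T09:12:01Z user=admin src=10.0.5.14 event="Login Success"',
    '2021-08-20T09:15:44Z user=admin src=10.0.5.14 event="Proxy Configuration Change" proxy=proxy.corp.example:3128',
    '2021-08-20T11:02:09Z user=admin src=10.0.5.14 event="Proxy Configuration Change" proxy=203.0.113.77:8080',
    '2021-08-20T11:03:15Z user=admin src=198.51.100.9 event="Settings Modified"',
    'garbage line that does not parse',
]
```

Feed the function the relevant audit events exported from the SIEM and review every entry whose reasons list is non-empty; a change to an unapproved proxy from a trusted address is the one to treat as a possible forged request.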
