CVE-2021-41081
📋 TL;DR
CVE-2021-41081 is a critical SQL injection vulnerability in Zoho ManageEngine Network Configuration Manager that allows attackers to execute arbitrary SQL commands through configuration search functionality. This affects all organizations using vulnerable versions of the software, potentially exposing sensitive network configuration data and system access.
💻 Affected Systems
- Zoho ManageEngine Network Configuration Manager
📦 What is this software?
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
Manageengine Network Configuration Manager by Zohocorp
View all CVEs affecting Manageengine Network Configuration Manager →
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the ManageEngine NCM database leading to data theft, privilege escalation, and potential lateral movement to connected network devices.
Likely Case
Unauthorized access to sensitive network configuration data, credential harvesting, and potential modification of network device configurations.
If Mitigated
Limited impact with proper input validation, database permissions, and network segmentation in place.
🎯 Exploit Status
SQL injection vulnerabilities are commonly exploited and weaponized. Authentication is required but standard user credentials may suffice.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 125465 and later
Vendor Advisory: https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41081.html
Restart Required: Yes
Instructions:
1. Download and install ManageEngine NCM version 125465 or later from the official website. 2. Stop the ManageEngine NCM service. 3. Run the installer. 4. Restart the service. 5. Verify the update was successful.
🔧 Temporary Workarounds
Input Validation Enhancement
allImplement additional input validation and sanitization for configuration search parameters
Not applicable - requires code changes
Database Permission Restriction
allRestrict database user permissions to minimum required for application functionality
ALTER USER 'ncm_user'@'localhost' WITH GRANT OPTION;
REVOKE ALL PRIVILEGES ON ncm_db.* FROM 'ncm_user'@'localhost';
GRANT SELECT, INSERT, UPDATE ON ncm_db.* TO 'ncm_user'@'localhost';
🧯 If You Can't Patch
- Implement strict network segmentation to isolate ManageEngine NCM from critical systems
- Deploy a web application firewall (WAF) with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check the ManageEngine NCM version in the web interface under Help > About. If version is below 125465, the system is vulnerable.Check Version:
On Windows: Check 'Program Files\ManageEngine\Network Configuration Manager\conf\version.txt'. On Linux: Check '/opt/ManageEngine/Network Configuration Manager/conf/version.txt'Verify Fix Applied:
Verify the version is 125465 or higher and test configuration search functionality with SQL injection test payloads.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts followed by configuration searches
- Configuration search requests containing SQL keywords (SELECT, UNION, etc.)
Network Indicators:
- Unusual traffic patterns to ManageEngine NCM web interface
- SQL error messages in HTTP responses
SIEM Query:
source="manageengine_ncm" AND (http_request="*SELECT*" OR http_request="*UNION*" OR http_request="*OR 1=1*")