Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In AEAgent.cpp, the agent responding back over HTTP is vulnerable to a Heap Overflow if the POST payload response is too large. The POST payload response is converted to Unicode using vswprintf. This is written to a buffer only 0x2000 bytes big. If POST payload is larger, then heap overflow will occur.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine AssetExplorer 信任管理问题漏洞
Vulnerability Description
ZOHO ManageEngine AssetExplorer是美国卓豪(ZOHO)公司的一套资产管理软件。该软件提供资产跟踪、IT资产的扫描和资产所有权的跟踪等功能。 ZOHO ManageEngine AssetExplorer 存在信任管理问题漏洞,该漏洞允许攻击者可利用该漏洞向网络上的侦听代理发送一个NEWSCAN请求,并接收代理的HTTP请求来验证其身份验证。
CVSS Information
N/A
Vulnerability Type
N/A