| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1573.001 | Symmetric Cryptography |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1560.001 | Archive via Utility |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1087.002 | Domain Account |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1070.004 | File Deletion |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1047 | Windows Management Instrumentation |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1003.003 | NTDS |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1136 | Create Account |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1218 | System Binary Proxy Execution |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1003 | OS Credential Dumping |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1140 | Deobfuscate/Decode Files or Information |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1027 | Obfuscated Files or Information |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | primary_impact | T1505.003 | Web Shell |
Comments
CVE-2021-40539 is an authentication bypass vulnerability affecting representational state transfer (REST) application programming interface (API) URLs that could enable remote code execution. Successful exploitation of the vulnerability allows an attacker to place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | secondary_impact | T1505.003 | Web Shell |
Comments
This is an authentication bypass vulnerability that can enable remote code execution.
Numerous post-exploitation impacts by threat actors are detailed in the referenced CISA report.
References
|