Security Updates - CVE Database

CVE-2021-43319

There was a command injection vulnerability in the ipaddress/hostname field of the ping functionality. This vulnerability is specific to the configuration management module only.

Vulnerability Details
Severity High
Reported 16th October, 2021
Reported by Nam (aka m3) from ECQ
Fixed 28th October, 2021
Affected Builds → Builds 125458 to 125472
→ Builds 125456 and below
Fixed in → Build 125457
→ Build 125473
Overview There was a command injection vulnerability in the ipaddress/hostname field of the ping functionality. This vulnerability is specific to the configuration management module only.
Recommended Fix

→ For builds below 125456, please upgrade to version 125457 here.

→ For builds 125458 to 125472 and please upgrade to  the version 125473 here.

 

Description

Earlier, there was a Remote Code Execution (RCE) vulnerability in the Ping functionality. This issue has been fixed now.

We recommend that you upgrade to the latest version of NetFlow Analyzer or contact our support team at netflowanalyzer-support@manageengine.com to fix this issue.

Source and Acknowledgements

Find out more about CVE-2021-43319 from the CVE dictionary.

Need Help?

For clarification or corrections please contact our support team or email us at netflowanalyzer-support@manageengine.com