CVE-2021-42955
HIGH
Zoho Remote Access Plus Server <10.1.2132 - Privilege Escalation
Title source: llm
Description
Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows user can reset the password of the Remote Access Plus Server Admin account.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://medium.com/nestedif/vulnerability-disclosure-improper-acl-unauthorized-password-reset-zoho-r-a-p-62efcdceb7a6
Scores
CVSS v3: 7.3
EPSS: 0.0008
EPSS Percentile: 22.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Details
CWE: CWE-732
Status: published
Products (1): zohocorp/manageengine_remote_access_plus < 10.1.2132
Published: Nov 17, 2021
Tracked Since: Feb 18, 2026