Critical Vulnerability in Zoho ManageEngine Desktop Central

A critical authentication bypass vulnerability in Zoho ManageEngine Desktop Central is being exploited in the wild

Threat ID:: CC-3986
Threat Severity:: High
Threat Vector:: Vulnerability
Published:: 6 December 2021 5:56 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

A critical authentication bypass vulnerability in Zoho ManageEngine Desktop Central is being exploited in the wild

Affected platforms

The following platforms are known to be affected:

Versions: for builds 10.1.2127.17 and below - all prior to 10.1.2127.18, for builds 10.1.2128.0 to 10.1.2137.2 - all prior to 10.1.2137.3

Zoho ManageEngine Desktop Central

Versions: for builds 10.1.2127.17 and below - all prior to 10.1.2127.18, for builds 10.1.2128.0 to 10.1.2137.2 - all prior to 10.1.2137.3

Zoho ManageEngine ServiceDesk Plus MSP

Threat details

Introduction

Zoho has released a security advisory for a critical vulnerability, tracked as CVE-2021-44515, in its ManageEngine Desktop Central and ManageEngine Desktop Central MSP products. The vulnerability has been fixed in the latest build released on 3 December 2021.

Exploitation in the wild

Zoho has reported indications that CVE-2021-44515 has been exploited in the wild.

Vulnerability details

CVE-2021-44515 is an authentication bypass vulnerability that, if successfully exploited, could allow remote code execution (RCE).

An attacker could gain unauthorised access to Desktop Central by sending a specially crafted request, which could result in remote code execution.

Remediation advice

Zoho has fixed the vulnerability in the latest build of Desktop Central, released on 3 December 2021. Affected organisations are required to apply updates immediately. There are no known workarounds.

Details on applying the updates can be found in CVE-2021-44515: Security Advisory and CVE-2021-44515: Security Advisory (Desktop Central for MSP).

Although Zoho has released a security update to remediate this vulnerability, prior exploitation may have been achieved already. Applying the security update will not negate any prior exploitation.

Zoho has provided further guidance to help identify if a system has been compromised by exploitation of this vulnerability, including their Exploit Detection Tool. Instructions on downloading and applying the tool can be found in CVE-2021-44515: Security Advisories (above).

Definitive source of threat updates

CVE Vulnerabilities

Status Reserved

CVE-2021-44515

Last edited: 6 December 2021 5:56 pm