CVE-2021-44515

CVSS 9.8 CRITICAL · EPSS 99.9% · KEV
In short

Zoho ManageEngine Desktop Central allows attackers to bypass authentication and execute arbitrary code on the server without proper credentials, a critical flaw that was actively exploited in December 2021.

Technical detail

An authentication bypass vulnerability in Zoho ManageEngine Desktop Central enables unauthenticated remote code execution on affected server instances. The exploitation vector allows direct access to administrative functions without valid credentials. It affects Enterprise and MSP builds up to specified versions.

Summary generated and translated by AI from the official description.
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
