CVE-2021-44515: Authentication Bypass Vulnerability in Zoho ManageEngine Desktop Central Leading to Remote Code Execution

Description Preview

CVE-2021-44515 is an authentication bypass vulnerability in Zoho ManageEngine Desktop Central and Desktop Central MSP that allows attackers to bypass authentication mechanisms and potentially execute code remotely on the server. This critical vulnerability was actively exploited in the wild in December 2021. The vulnerability affects multiple versions of both Desktop Central and Desktop Central MSP products, requiring immediate patching to prevent unauthorized access and system compromise.

Overview

This vulnerability (CVE-2021-44515) affects Zoho ManageEngine Desktop Central and Desktop Central MSP, which are unified endpoint management solutions. The authentication bypass vulnerability allows attackers to circumvent authentication controls, potentially leading to remote code execution on the server. The vulnerability was discovered and actively exploited in December 2021, prompting CISA to add it to their Known Exploited Vulnerabilities Catalog. This indicates the severity and active exploitation of the vulnerability in real-world attacks. The issue affects multiple versions of both Desktop Central and Desktop Central MSP products, putting organizations using unpatched versions at significant risk of unauthorized access and system compromise.

Remediation

Organizations using affected versions of Zoho ManageEngine Desktop Central or Desktop Central MSP should immediately apply the appropriate patches:

For Desktop Central Enterprise:

  • If running build 10.1.2127.17 or earlier, upgrade to build 10.1.2127.18
  • If running builds 10.1.2128.0 through 10.1.2137.2, upgrade to build 10.1.2137.3

For Desktop Central MSP:

  • If running build 10.1.2127.17 or earlier, upgrade to build 10.1.2127.18
  • If running builds 10.1.2128.0 through 10.1.2137.2, upgrade to build 10.1.2137.3
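
The build ranges above can be checked across an inventory with a short script. This is an added example, not code from Zoho or from this page's author; the function names and the sample host names are hypothetical. Builds are compared as integer tuples because plain string comparison would order 10.1.2127.9 after 10.1.2127.17.

```python
from typing import Optional

# Affected ranges and fixed builds as listed on this page (same for Enterprise and MSP).
# None as the lower bound means "this build or earlier".
AFFECTED_RANGES = [
    (None, (10, 1, 2127, 17), "10.1.2127.18"),
    ((10, 1, 2128, 0), (10, 1, 2137, 2), "10.1.2137.3"),
]


def parse_build(text: str) -> tuple:
    """Turn '10.1.2137.2' into (10, 1, 2137, 2) so builds compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(p) for p in parts)


def required_upgrade(build: str) -> Optional[str]:
    """Return the fixed build to move to, or None if outside the listed ranges."""
    current = parse_build(build)
    for low, high, fixed in AFFECTED_RANGES:
        if (low is None or current >= low) and current <= high:
            return fixed
    return None


def triage(inventory: dict) -> dict:
    """Map each host to an upgrade target, 'not in listed ranges', or a manual check."""
    report = {}
    for host, build in inventory.items():
        try:
            target = required_upgrade(build)
        except ValueError:
            report[host] = "unparseable build, check manually"
            continue
        report[host] = f"upgrade to {target}" if target else "not in listed ranges"
    return report


if __name__ == "__main__":
    # Constructed sample inventory; host names are hypothetical.
    sample = {"dc-ent-01": "10.1.2127.9", "dc-msp-01": "10.1.2130.4",
              "dc-ent-02": "10.1.2137.3", "dc-lab": "10.1.2137"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

A result of "not in listed ranges" only means the build falls outside the two ranges given here; confirm against the vendor advisory before treating a host as patched.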

Additionally, organizations should:

  • Monitor systems for signs of compromise
  • Review logs for suspicious activities
  • Implement network segmentation to limit potential lateral movement
  • Consider temporarily isolating ManageEngine instances from the internet until patching is complete
  • Follow the detailed guidance provided in Zoho's advisory documentation

References

  1. Vendor Advisory: https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
  2. Patch Information: https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html
  3. CISA Advisory: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog
  4. Known Exploited Vulnerabilities Catalog Entry by CISA confirming active exploitation

Early Warning

Armis Early Warning customers received an advanced alert on this vulnerability.

Armis Alert Date: Dec 7, 2021
CISA KEV Date: Dec 10, 2021
3 days early

Industry Exposure (Most to Least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Transportation & Warehousing
  2. Accommodation & Food Services
  3. Administrative, Support, Waste Management & Remediation Services
  4. Agriculture, Forestry Fishing & Hunting
  5. Arts, Entertainment & Recreation
  6. Construction
  7. Educational Services
  8. Finance and Insurance
  9. Health Care & Social Assistance
  10. Information
  11. Management of Companies & Enterprises
  12. Manufacturing
  13. Mining
  14. Other Services (except Public Administration)
  15. Professional, Scientific, & Technical Services
  16. Public Administration
  17. Real Estate Rental & Leasing
  18. Retail Trade
  19. Utilities
  20. Wholesale Trade
