On Monday, January 17, 2022, ManageEngine released security patches to address CVE-2021-44757–a critical authentication bypass vulnerability in Desktop Central and Desktop Central MSP that could allow a threat actor to read unauthorized data or write an arbitrary zip file in the Desktop Central server if successfully exploited.
According to a ManageEngine Sr. Product Expert, “this vulnerability can be exploited by anyone in the internal network even if the secure gateway is installed as direct access to the Central Server is possible.
If UI Access is enabled through Secure Gateway, then the vulnerability can be exploited from the external network.”
Desktop Central is a Unified Endpoint Management solution that is an attractive target for threat actors due to its comprehensive functionality. Desktop central has the capability to manage IT assets, administer users, and deploy software. Although technical details are limited and a proof-of-concept (PoC) exploit is not currently available, we assess threat actors, including state-sponsored groups, will exploit this vulnerability in future campaigns.
With technical details shared by ManageEngine for CVE-2021-44757 being limited, Arctic Wolf is actively monitoring all intelligence sources for further information to become available and assist us in detecting attacks exploiting this vulnerability.
This section provides details on the recommendations that Arctic Wolf suggests to CVE-2021-44757 in ManageEngine Desktop Central and Desktop Central MSP.
Recommendation #1: Apply ManageEngine Desktop Central and Desktop Central MSP Security Patches
ManageEngine released security patches that remediate CVE-2021-44757 on January 17, 2022. We recommend applying the security patches immediately to prevent future exploitation. Apply security patches to public-facing assets first. We recommend testing in a non-production environment to ensure there is no impact to critical assets.
|Product||Fixed Build Version|
|ManageEngine Desktop Central||10.1.2137.9|
|ManageEngine Desktop Central MSP||10.1.2137.9|
NOTE: If your build range is between 10.1.2140.X and 10.1.2149.X, you will need to contact ManageEngine to obtain the security patches.
Recommendation #2: Harden Desktop Central and Desktop Central MSP Server
ManageEngine has published best practices on securing Desktop Central and Desktop Central MSP servers. We recommend following their best practices to decrease your organization’s attack surface.
Best practices can be found: