New Critical Vulnerability in ManageEngine Desktop Central and Desktop Central MSP; Exploitation Highly Likely


On Monday, January 17, 2022, ManageEngine released security patches to address CVE-2021-44757, a critical authentication bypass vulnerability in Desktop Central and Desktop Central MSP that, if successfully exploited, could allow a threat actor to read unauthorized data or write an arbitrary zip file on the Desktop Central server.

According to a ManageEngine Sr. Product Expert, “this vulnerability can be exploited by anyone in the internal network even if the secure gateway is installed as direct access to the Central Server is possible. If UI Access is enabled through Secure Gateway, then the vulnerability can be exploited from the external network.”

Desktop Central is a Unified Endpoint Management solution that is an attractive target for threat actors due to its comprehensive functionality. Desktop Central has the capability to manage IT assets, administer users, and deploy software. Although technical details are limited and a proof-of-concept (PoC) exploit is not currently available, we assess that threat actors, including state-sponsored groups, will exploit this vulnerability in future campaigns.

Because ManageEngine has shared only limited technical details for CVE-2021-44757, Arctic Wolf is actively monitoring all intelligence sources for further information that will assist us in detecting attacks exploiting this vulnerability.

Recommendations 

This section details Arctic Wolf's recommendations for addressing CVE-2021-44757 in ManageEngine Desktop Central and Desktop Central MSP.

Recommendation #1: Apply ManageEngine Desktop Central and Desktop Central MSP Security Patches 

ManageEngine released security patches that remediate CVE-2021-44757 on January 17, 2022. We recommend applying the security patches immediately to prevent future exploitation. Apply security patches to public-facing assets first. We recommend testing in a non-production environment to ensure there is no impact to critical assets. 

| Product | Fixed Build Version |
| --- | --- |
| ManageEngine Desktop Central | 10.1.2137.9 |
| ManageEngine Desktop Central MSP | 10.1.2137.9 |


NOTE: If your build range is between 10.1.2140.X and 10.1.2149.X, you will need to contact ManageEngine to obtain the security patches.
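The fixed build and the NOTE above mean a plain "build >= 10.1.2137.9" comparison mislabels servers on 10.1.2140.X through 10.1.2149.X as fixed. The following Python triage is an added example, not Arctic Wolf or ManageEngine code. The function names, hostnames and sample builds are constructed, and treating builds from 10.1.2137.9 up to (but not including) 10.1.2140 as fixed is an assumption.

```python
import re

FIXED_BUILD = (10, 1, 2137, 9)                   # "Fixed Build Version" from the table
VENDOR_RANGE = ((10, 1, 2140), (10, 1, 2149))    # 10.1.2140.X - 10.1.2149.X from the NOTE

_BUILD_RE = re.compile(r"^\d+(\.\d+){3}$")       # exactly four dotted numeric fields


def parse_build(text):
    """Return the build as a 4-tuple of ints, or None if it is not N.N.N.N."""
    text = text.strip()
    if not _BUILD_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(build_text):
    """Classify one build string against the advisory's table and NOTE."""
    build = parse_build(build_text)
    if build is None:
        return "unparseable"
    # Check the NOTE's range first: it is numerically above the fixed build,
    # so a naive ">= FIXED_BUILD" test would report these servers as fixed.
    if VENDOR_RANGE[0] <= build[:3] <= VENDOR_RANGE[1]:
        return "contact-manageengine"
    if build < FIXED_BUILD:
        return "apply-patch"
    if build[:3] < VENDOR_RANGE[0]:
        return "fixed"        # assumption: builds from the fixed build up to 10.1.2140
    return "not-covered"      # above 10.1.2149.X: the advisory does not say


def triage_inventory(inventory):
    """Group hostnames by triage result; inventory maps hostname -> build string."""
    grouped = {}
    for host, build in sorted(inventory.items()):
        grouped.setdefault(triage(build), []).append(host)
    return grouped


# Constructed sample inventory (hypothetical hosts and build strings).
SAMPLE = {
    "dc-prod-01": "10.1.2137.9",
    "dc-prod-02": "10.1.2127.1",
    "dc-msp-01": "10.1.2145.3",
    "dc-lab-01": "10.1.2150.2",
    "dc-lab-02": "10.1.2137",
}

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "not-covered" or "unparseable" should be checked against ManageEngine's own guidance rather than assumed safe.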

Recommendation #2: Harden Desktop Central and Desktop Central MSP Server 

ManageEngine has published best practices on securing Desktop Central and Desktop Central MSP servers. We recommend following their best practices to decrease your organization’s attack surface.  

Best practices can be found: 



Steven Campbell

Steven Campbell is a Senior Threat Intelligence Researcher at Arctic Wolf Labs and has more than eight years of experience in intelligence analysis and security research. He has a strong background in infrastructure analysis and adversary tradecraft.