Background
On Friday, December 3, 2021, ManageEngine released a patch advisory for CVE-2021-44515, an authentication bypass vulnerability affecting Desktop Central Enterprise and MSP versions. Desktop Central is a unified endpoint management (UEM) solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location.
| CVE ID | CVSS Score V3 | CVSS Criticality | Type | Description |
|---|---|---|---|---|
| CVE-2021-44515 | 9.8 | Critical | Improper Authentication & Remote Code Execution | Zoho Corp. Desktop Central Authentication Bypass Vulnerability |
Analysis
CVE-2021-44515
CVE-2021-44515 affects the following versions of ManageEngine Desktop Central:
- For Enterprise:
  - For builds 10.1.2127.17 and below, upgrade to 10.1.2127.18
  - For builds 10.1.2128.0 to 10.1.2137.2, upgrade to 10.1.2137.3
- For MSP:
  - For builds 10.1.2127.17 and below, upgrade to 10.1.2127.18
  - For builds 10.1.2128.0 to 10.1.2137.2, upgrade to 10.1.2137.3
ManageEngine has disclosed that this vulnerability is being exploited in the wild; however, no information regarding threat actors or techniques has been shared at this time. Exploitation of CVE-2021-44515 allows a threat actor to gain unauthorized access by sending a specially crafted request to a server running a vulnerable version of ManageEngine Desktop Central Enterprise or MSP, which can lead to remote code execution.
Solutions and Recommendations
ManageEngine has indicated in its advisory that specific versions are affected by the CVE-2021-44515 vulnerability.
Arctic Wolf has assessed the risk posed by CVE-2021-44515 as high, and strongly recommends that customers review the advisory to determine if they are affected and patch affected servers immediately.
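To check an inventory against the build ranges listed in the Analysis section, the following added example (not code from ManageEngine or Arctic Wolf) compares build strings numerically and returns the upgrade target. It assumes builds are reported as four dot-separated integers, as they appear in this advisory; the hostnames and inventory are constructed.

```python
# Added example: triage Desktop Central build strings against the ranges
# listed in this advisory. Function names and inventory are hypothetical.
from typing import Dict, Optional, Tuple

Build = Tuple[int, ...]

# (lowest affected, highest affected, fixed build), taken from the advisory text.
# The same ranges are listed for both the Enterprise and MSP editions.
AFFECTED_RANGES = [
    ((0, 0, 0, 0), (10, 1, 2127, 17), "10.1.2127.18"),
    ((10, 1, 2128, 0), (10, 1, 2137, 2), "10.1.2137.3"),
]

def parse_build(text: str) -> Build:
    """Parse a dotted build string into integers so 2127.9 sorts below 2127.17."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(p) for p in parts)

def fixed_build_for(text: str) -> Optional[str]:
    """Return the build to upgrade to, or None if outside the listed ranges."""
    build = parse_build(text)
    for low, high, fixed in AFFECTED_RANGES:
        if low <= build <= high:
            return fixed
    return None

def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to an upgrade target, a clean result, or a manual check."""
    report = {}
    for host, build in inventory.items():
        try:
            fixed = fixed_build_for(build)
        except ValueError:
            # Do not guess: an unparseable build needs a human to look at it.
            report[host] = "unknown build, check manually"
            continue
        report[host] = f"upgrade to {fixed}" if fixed else "not in affected ranges"
    return report

if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"dc-ent-01": "10.1.2127.9", "dc-msp-01": "10.1.2137.2",
              "dc-ent-02": "10.1.2137.3", "dc-lab-01": "10.1.21x"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```
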
References
- ManageEngine – Authentication Bypass using Filter Configuration
- ManageEngine – Authentication Bypass identified and fixed in Desktop Central
- ManageEngine – CVE-2021-44515