CVE-2021-44515 Information

Description

Zoho ManageEngine Desktop Central is vulnerable to an authentication bypass leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog
https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
