CVE-2021-44515 Scanner
Detects 'Authentication Bypass' vulnerability in Zoho ManageEngine Desktop Central affects v. Enterprise builds 10.1.2127.17 and earlier, 10.1.2128.0 through 10.1.2137.2, MSP builds 10.1.2127.17 and earlier, 10.1.2128.0 through 10.1.2137.2.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
Domain, IPv4
Toolbox
-
Zoho ManageEngine Desktop Central is an advanced remote desktop and device management software designed for IT professionals in enterprises and Managed Service Providers (MSPs). The central management system helps administrators to automate their desktop management tasks, including software deployment, patch management, inventory management, and mobile device management. It streamlines IT operations, secures endpoints, and helps businesses to remain compliant.
Recently, a critical security vulnerability was found in Zoho ManageEngine Desktop Central. The CVE-2021-44515 vulnerability allows an attacker to bypass the authentication process, leading to remote code execution on the server. According to reports, this vulnerability has been actively exploited in the wild since December 2021 by a threat actor group called Blue Mockingbird.
When exploited, the CVE-2021-44515 vulnerability can allow attackers to gain unauthorized access to the Zoho ManageEngine Desktop Central server. This can be used to steal or modify sensitive data, install malware, or launch attacks on the affected network and connected devices. The potential impact of such an attack can be severe and lead to data breaches, financial losses, and reputational damage.
By using the pro features of the s4e.io platform, readers of this article can easily identify any vulnerabilities that may exist in their digital assets and take appropriate measures. With its advanced scanning and reporting capabilities, s4e.io can provide a comprehensive assessment of an organization's digital assets to identify and remediate vulnerabilities and security weaknesses. Protect your business from cyber threats by subscribing to s4e.io today.
REFERENCES
- https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
- https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog
- https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html