Desktop Central vulnerability allows authentication bypass, Patch now!
The leading software maker ManageEngine, a division of Zoho Corp, has released patches for a critical security vulnerability in its endpoint management software Desktop Central and Desktop Central MSP.
The vulnerability allows a remote attacker to bypass authentication and execute remote operations, gaining unauthorized access to affected servers.
Details on the Desktop Central Vulnerability
The Desktop Central vulnerability is tracked as CVE-2021-4457. It allows an authentication bypass that lets attackers read unauthorized information or write an arbitrary zip file on the server. The company rated the vulnerability critical and advises customers to patch immediately.
Osword from SGLAB of Legendsec at Qi’anxin Group discovered and reported the vulnerability. ManageEngine said the patched version will be 10.1.2127.9.
ManageEngine has addressed multiple vulnerabilities in recent months, including:
- CVE-2021-40539 with a CVSS score of 9.8, authentication bypass vulnerability affecting ManageEngine AD SelfService Plus.
- CVE-2021-44515 with a CVSS score of 9.8, authentication bypass vulnerability affecting ManageEngine Desktop Central.
- CVE-2021-44077 with a CVSS score of 9.8, unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus and SupportCenter Plus.
Desktop Central instances have been exploited in the past, as remote monitoring and management tools are a sweet spot for attackers looking to breach high-profile targets. According to KELA's 2020 analysis of Desktop Central, the following two victims were identified:
KELA managed to identify the victims and indirectly confirm they were using the software in question. The first target is a Turkish company with a revenue of $221 Million (the access cost 1.5 BTC). The second victim is a Canadian corporation with a revenue of $338 Million, whose access has been sold in a few hours – it was offered for 1 BTC. -KELA report.
A Shodan search revealed that around 2800 Desktop Central servers could be exposed to attacks in the wild if not patched immediately.
It is therefore best to apply the ManageEngine Desktop Central patches immediately to keep your network and data safe from threat actors who could soon start exploiting this vulnerability in the wild. Thanks to the company for handling the vulnerability early and providing a fix before widespread exploitation.