A Critical Zoho ManageEngine Desktop Central and Desktop Central MSP Vulnerability Is Exploited by an APT Actor
The Vulnerability Apparently Allows Arbitrary Code Execution by a Remote Attacker.
Zoho ManageEngine Desktop Central is a popular management tool that administrators use for automatic software distribution and remote troubleshooting across the whole network.
An authentication bypass vulnerability in ManageEngine Desktop Central MSP has been discovered, allowing an attacker to overcome authentication and execute arbitrary code on the Desktop Central MSP server.
An authentication bypass vulnerability in ManageEngine Desktop Central MSP was identified and the vulnerability can allow an adversary to bypass authentication and execute arbitrary code in the Desktop Central MSP server.
Note: As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.
A critical vulnerability in Zoho ManageEngine Desktop Central and Desktop Central MSP is being actively exploited by an APT actor. The vulnerability has been assigned the CVE-ID CVE-2021-44515.
The vulnerability is a Remote Code Execution (RCE) flaw that could allow for arbitrary code execution by a remote attacker. This could lead to the compromise of unpatched Zoho equipment.
CVE-2021-44515 is the third vulnerability to be actively exploited by attackers in four months. It forms a lethal trifecta with the ADSelfService zero-day attack (CVE-2021-40539) and a severe ServiceDesk weakness (CVE-2021-44077) exploited by numerous state-sponsored actors for incursions from August to October 2021. Furthermore, CISA published a notice for CVE-2021-44077 last week, stating that APT actors used the flaw to drop web shells and conduct a variety of post-exploitation procedures as part of the “TiltedTemple” campaign.
The CVE-2021-44515 Security Advisory from Zoho introduces the Exploit Detection Tool, which allows enterprises to determine whether their installation is vulnerable to the authentication bypass vulnerability. The Security Advisory also contains the incident response strategy, as well as tips on how to act to reduce the consequences if the vulnerability is exploited.
How to Stay Safe Using Heimdal™?
Vulnerability management should remain a top priority for every business that wants the best means of protecting its organization’s cybersecurity. No existing software is perfect, and vulnerabilities surface in it from time to time. To keep the threat those bugs pose away from your network, an automated Patch Management Solution will help you handle your vulnerability management efficiently and use your time wisely.
Our tool lets you deploy any patch no matter where you are, using command-line scripting to cover patches from Microsoft to third-party and proprietary software. But what is even nicer about our tool is the vendor to end-user waiting time: in less than 4 hours from the release, you have your patch tested, repackaged, and ready to be deployed. Curious? Go and find out more about our Patch Management Solution!