An authentication bypass vulnerability in Zoho’s ManageEngine is being exploited in the wild

On 3rd December 2021, ManageEngine released a security update for the vulnerability tracked as CVE-2021-44515. The advisory states: “An authentication bypass vulnerability in ManageEngine Desktop Central MSP was identified and the vulnerability can allow an adversary to bypass authentication and execute arbitrary code in the Desktop Central MSP server.”

Zoho is a business software provider, and its ManageEngine Desktop Central is a management platform used by admins to deploy patches and software automatically over the network and to troubleshoot systems remotely.

“If exploited, the attackers can gain unauthorized access to the product by sending a specially crafted request leading to remote code execution.”

Zoho has made an Exploit Detection Tool which customers can use to identify whether their installation has been affected. Follow the detailed step-by-step procedure here on using the tool.

If the installation is affected, the company makes the following recommendations.

  1. Disconnect the affected system from your network
  2. Back up the Desktop Central database using these steps.
  3. Format the compromised machine. Note: Before formatting the machine, ensure that you have backed up all critical business data.
  4. Restore Desktop Central.
  5. Update to the latest build.

The company also recommends resetting passwords for AD administrators, Active Directory, all services, accounts, etc. that have been accessed from the machine on which the service is installed.

“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.” Zoho advises customers to update to the latest patch as soon as possible.
