Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.

A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central MSP platforms could allow authentication bypass, the company has warned.

The bug (CVE-2021-44757) could allow a remote user to “perform unauthorized actions in the server,” according to the company’s Monday security advisory. “If exploited, this vulnerability may allow an attacker to read unauthorized data or write an arbitrary .ZIP file on the server.”

Zoho’s ManageEngine Desktop Central is a unified endpoint management (UEM) solution that lets IT admins manage servers, laptops, desktops, smartphones and tablets from a central location. Users can automate routines like installing patches, deploying software, imaging and deploying OS, according to the company’s documentation. It can also be used to manage assets and software licenses, monitor software-usage statistics, manage USB device usage, take control of remote desktops, and more.

On the mobile side, users can deploy profiles and policies; configure devices for Wi-Fi, VPNs, email accounts and so on; apply restrictions on application installs, camera usage and the browser; and manage security with passcodes and remote lock/wipe functionality.

As such,

Read More: https://threatpost.com/critical-manageengine-desktop-server-bug-malware/177705/