A Critical Zoho ManageEngine Desktop Central and Desktop Central MSP Vulnerability Is Exploited by an APT Actor

Zoho ManageEngine Desktop Central is a popular management tool that administrators use for automatic software distribution and remote troubleshooting across the whole network.

What Happened?

An authentication bypass vulnerability in ManageEngine Desktop Central MSP has been discovered, allowing an attacker to overcome authentication and execute arbitrary code on the Desktop Central MSP server.

An authentication bypass vulnerability in ManageEngine Desktop Central MSP was identified and the vulnerability can allow an adversary to bypass authentication and execute arbitrary code in the Desktop Central MSP server.

Note: As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.

Source

Critical vulnerabilities that occur in Zoho ManageEngine Desktop Central and Desktop Central MSP are actively exploited by an APT actor. The vulnerability has been assigned the CVE-ID: CVE-2021-44515.

The vulnerability is a Remote Code Execution (RCE) that could allow for arbitrary code execution by a remote attacker. This could lead to the compromise of unpatched Zoho equipment.

CVE-2021-44515 is the third vulnerability to be actively exploited by attackers in four months. It forms a lethal trifecta with the ADSelfService zero-day attack (CVE-2021-40539) and a severe ServiceDesk

Read More: https://heimdalsecurity.com/blog/a-critical-zoho-manageengine-desktop-central-and-desktop-central-msp-vulnerability-is-exploited-by-an-apt-actor/