← Zuruck zu CVEs

CVE-2021-44515

CRITICALCISA KEV

9.8

Beschreibung

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht12/12/2021

Zuletzt geandert10/31/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerZoho

ProduktDesktop Central

SchwachstellennameZoho Desktop Central Authentication Bypass Vulnerability

KEV Aufnahmedatum2021-12-10

Behebungsfrist2021-12-24

Ransomware-NutzungUnknown

Betroffene Produkte

zohocorp:manageengine_desktop_central

Referenzen

https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp(cve@mitre.org)

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog(cve@mitre.org)

https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html(cve@mitre.org)

https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog(af854a3a-2127-422b-91ae-364da2661108)

https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44515(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.