← Voltar para CVEs

CVE-2021-44515

CRITICALCISA KEV

9.8

Descricao

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado12/12/2021

Ultima modificacao10/31/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorZoho

ProdutoDesktop Central

Nome da vulnerabilidadeZoho Desktop Central Authentication Bypass Vulnerability

Data inclusao KEV2021-12-10

Prazo de remediacao2021-12-24

Uso em ransomwareUnknown

Produtos afetados

zohocorp:manageengine_desktop_central

Referencias

https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp(cve@mitre.org)

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog(cve@mitre.org)

https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html(cve@mitre.org)

https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog(af854a3a-2127-422b-91ae-364da2661108)

https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44515(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.