Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks
2021-12-03 21:09

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months.

The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability that could permit an adversary to circumvent authentication protections and execute arbitrary code in the Desktop Central MSP server.

"If exploited, the attackers can gain unauthorized access to the product by sending a specially crafted request leading to remote code execution," Zoho cautioned in an advisory.

"As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible."

With this development, CVE-2021-44515 joins two other vulnerabilities, CVE-2021-44077 and CVE-2021-40539, that have been weaponized to compromise the networks of critical infrastructure organizations across the world.

The disclosure also comes a day after the U.S. Cybersecurity and Infrastructure Security Agency warned that CVE-2021-44077 - an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus - is being exploited to drop web shells and carry out an array of post-exploitation activities as part of a campaign dubbed "TiltedTemple."


News URL

https://thehackernews.com/2021/12/warning-yet-another-zoho-manageengine.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-12 | CVE-2021-44515 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central. Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. | network, low complexity, zohocorp, critical, 9.8 |
| 2021-11-29 | CVE-2021-44077 | Missing Authentication for Critical Function vulnerability in Zohocorp products. Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. | network, low complexity, zohocorp CWE-306, critical, 9.8 |
| 2021-09-07 | CVE-2021-40539 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus. Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | network, low complexity, zohocorp CWE-706, critical, 9.8 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Manageengine | | 9 | 0 | 3 | 4 | 3 | 10 |
| Zoho | | 4 | 0 | 3 | 4 | 0 | 7 |