Security News > 2021 > December > Zoho: Patch new ManageEngine bug exploited in attacks ASAP
Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installation to the latest available version.
Zoho's ManageEngine Desktop Central is a management platform that helps admins deploy patches and software automatically over the network and troubleshoot them remotely.
A quick search using Shodan has revealed over 3,200 ManageEngine Desktop Central instances running on various ports and exposed to attacks.
This is not the first time Zoho ManageEngine servers have been targeted in attacks recently.
More recently, between August and October 2021, Zoho ManageEngine products have been targeted by state hackers using tactics and tooling similar to those used by Chinese-backed hacking group APT27.
A Zoho spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today about the CVE-2021-44515 Desktop Central authentication bypass vulnerability being exploited in the wild.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-12 | CVE-2021-44515 | Unspecified vulnerability in Zohocorp Manageengine Desktop Central Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. | 10.0 |