Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)
A vulnerability in ManageEngine Desktop Central is being leveraged in attacks in the wild to gain access to servers running the vulnerable software.
The issue is considered critical by the company and affects ManageEngine Desktop Central - a unified endpoint management solution - and ManageEngine Desktop Central MSP - endpoint management software for MSPs. If installations of the latter are compromised, attackers could use the access to compromise endpoints and networks of MSPs' client organizations.
ManageEngine has fixed the vulnerability and is advising customers to take action.
ManageEngine did not share the nature of the attacks.
It seems likely that attackers have created their own, as apparently happened with an authentication bypass vulnerability in ManageEngine ServiceDesk Plus.
Researchers with Palo Alto Networks' Unit 42 have also urged MSPs to update their ManageEngine Password Manager Pro software, as they have found evidence the attackers might be preparing to leverage a known vulnerability affecting it.
News URL
https://www.helpnetsecurity.com/2021/12/07/cve-2021-44515/