Security News > 2021 > December > Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)

Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)
2021-12-07 10:56

A vulnerability in ManageEngine Desktop Central is being leveraged in attacks in the wild to gain access to server running the vulnerable software.

The issue is considered critical by the company and affects ManageEngine Desktop Central - a unified endpoint management solution - and ManageEngine Desktop Central MSP - endpoint management software for MSPs. If installations of the latter are compromised, attackers could use the access to compromise endpoints and networks of MSPs's client organizations.

ManageEngine has fixed the vulnerability and is advising customers to take action.

ManageEngine did not share the nature of the attacks.

It seems likely that attackers have created their own, as it apparently happened for an authentication bypass vulnerability in ManageEngine ServiceDesk Plus.

Researchers with Palo Alto Networks' Unit 42 have also urged MSPs to update their ManageEngine Password Manager Pro software, as they have found evidence the attackers might be preparing to leverage a known vulnerability affecting it.


News URL

https://www.helpnetsecurity.com/2021/12/07/cve-2021-44515/

Related news

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Manageengine 20 1 34 7 5 47