CVE-2021-44757: Zoho ManageEngine Desktop Central Authentication Bypass Vulnerability Alert
On January 17, 2022, Zoho officially released a security notice for ManageEngine Desktop Central. The vulnerability is tracked as CVE-2021-44757 and its impact is rated critical. CVE-2021-44757 affects the Desktop Central and Desktop Central MSP Unified Endpoint Management (UEM) solutions.
Zoho ManageEngine Desktop Central (DC) is a set of desktop management solutions from Zoho. It includes functional modules such as software distribution, patch management, system configuration, and remote control, and supports the entire life cycle of desktop and server management.
Vulnerability Detail
An authentication bypass vulnerability exists in Zoho ManageEngine Desktop Central that allows a remote attacker to read data or write arbitrary zip files on the target server without authorization. The vulnerability affects Desktop Central and Desktop Central MSP Unified Endpoint Management (UEM) solutions.
Affected version
- Zoho ManageEngine Desktop Central < 10.1.2137.9
Unaffected version
- Zoho ManageEngine Desktop Central 10.1.2137.9
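The version boundary above can be checked across an inventory, as in the following added example (not Zoho's code and not part of the original notice). The host names and build strings are constructed, the function names are hypothetical, and treating a missing trailing component as 0 is an assumption. Components are compared as numbers because a plain string comparison would rank 10.1.2137.10 below 10.1.2137.9.

```python
# Added example: triage Desktop Central builds against the fixed build
# named in this advisory. Inventory rows below are constructed.
import re

FIXED_BUILD = "10.1.2137.9"  # first unaffected build, from the advisory

_BUILD_RE = re.compile(r"^\d+(\.\d+)*$")

def parse_build(text):
    """Return the build as a tuple of ints, or None if not dotted-numeric."""
    text = text.strip()
    if not _BUILD_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_affected(build, fixed=FIXED_BUILD):
    """True if build < fixed, False if build >= fixed, None if unparseable."""
    have, want = parse_build(build), parse_build(fixed)
    if have is None or want is None:
        return None
    # Assumption: a missing trailing component counts as 0 (10.1.2137 == 10.1.2137.0).
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have < want

def triage(inventory):
    """Group (host, build) rows into affected / fixed / unknown host lists."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, build in inventory:
        verdict = is_affected(build)
        key = "unknown" if verdict is None else ("affected" if verdict else "fixed")
        result[key].append(host)
    return result

# Constructed sample inventory (hypothetical host names and build strings).
SAMPLE_INVENTORY = [
    ("dc-hq", "10.1.2137.9"),
    ("dc-branch1", "10.1.2137.8"),
    ("dc-branch2", "10.1.2137.10"),  # newer, though it sorts lower as a string
    ("dc-lab", "10.1.2137"),
    ("dc-old", "10.0.650"),
    ("dc-msp", "build unknown"),     # unparseable: needs a manual check
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand in the console rather than assumed fixed.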
Solution
We recommend that users update Zoho ManageEngine Desktop Central to the unaffected version promptly.
To apply this fix, follow the steps below:
- Log in to your Desktop Central MSP console or Desktop Central console and click your current build number in the top right corner.
- You’ll be able to find the latest build applicable to you. Download the PPM and update.