CVE-2021-44515
Published: 12 December 2021
Summary
CVE-2021-44515 is a critical-severity vulnerability with an unspecified weakness type in Zohocorp ManageEngine Desktop Central. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
Zoho ManageEngine Desktop Central is affected by an authentication bypass vulnerability that leads to remote code execution on the server. The flaw impacts Enterprise and MSP builds 10.1.2127.17 and earlier as well as builds 10.1.2128.0 through 10.1.2137.2.
Remote attackers with no credentials can exploit the issue over the network to bypass authentication and achieve arbitrary code execution on the server. The vulnerability carries a CVSS v3.1 score of 9.8 and was actively exploited in the wild in December 2021.
Vendor advisories direct customers to apply the listed updates, moving Enterprise or MSP builds 10.1.2127.17 and earlier to 10.1.2127.18 and builds 10.1.2128.0–10.1.2137.2 to 10.1.2137.3. CISA has added the CVE to its catalog of known exploited vulnerabilities, underscoring the urgency of patching.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-31348
Vulnerability details
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
- CWE(s)
- KEV Date Added: 10 December 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly enforces authenticated access decisions, blocking the unauthenticated remote requests that trigger the bypass and RCE.
Requires timely application of the exact vendor patches (10.1.2127.18 / 10.1.2137.3) that close the authentication flaw.
Mandates controlled and authenticated remote access paths, limiting exposure of the vulnerable Desktop Central endpoints to untrusted networks.