Cyber Resilience

CVE-2021-44515

CriticalCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 12 December 2021

Published
12 December 2021
Modified
31 October 2025
KEV Added
10 December 2021
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9435 100.0th percentile
Risk Priority 96 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-44515 is a critical-severity an unspecified weakness vulnerability in Zohocorp Manageengine Desktop Central. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

Zoho ManageEngine Desktop Central is affected by an authentication bypass vulnerability that leads to remote code execution on the server. The flaw impacts Enterprise and MSP builds 10.1.2127.17 and earlier as well as builds 10.1.2128.0 through 10.1.2137.2.

Remote attackers with no credentials can exploit the issue over the network to bypass authentication and achieve arbitrary code execution on the server. The vulnerability carries a CVSS v3.1 score of 9.8 and was actively exploited in the wild in December 2021.

Vendor advisories direct customers to apply the listed updates, moving Enterprise or MSP builds 10.1.2127.17 and earlier to 10.1.2127.18 and builds 10.1.2128.0–10.1.2137.2 to 10.1.2137.3. CISA has added the CVE to its catalog of known exploited vulnerabilities, underscoring the urgency of patching.

EU & UK References

Vulnerability details

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2,…

more

upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.

CWE(s)
KEV Date Added
10 December 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

zohocorp
manageengine desktop central
≤ 10.1.2127.18 · ≤ 10.1.2127.18 · 10.1.2128.0 — 10.1.2137.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authenticated access decisions, blocking the unauthenticated remote requests that trigger the bypass and RCE.

prevent

Requires timely application of the exact vendor patches (10.1.2127.18 / 10.1.2137.3) that close the authentication flaw.

AC-17 Remote Access partial match
prevent

Mandates controlled and authenticated remote access paths, limiting exposure of the vulnerable Desktop Central endpoints to untrusted networks.

References