
Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks

Description

![Zoho ManageEngine](https://thehackernews.com/new-images/img/a/AVvXsEjHMcXDV_clY9qcSsKkb2OAnYKFj0UHRQhJw2hVPqXcoFYUHdOV9I1c1_n8Cts-WBNsCC5QeLRhSXMP8AXBcSxfSv7-X1u92p_NKlGh0e1T367go5qLlZP_JyRzjUIMcONyTPXffBuAVxGFdEi87vmow8jsvdsVu1kywwfDfJESNMvFBaxHuAlYmc0Q=s728-e1000)

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months.

The issue, assigned the identifier [CVE-2021-44515](<https://nvd.nist.gov/vuln/detail/CVE-2021-44515>), is an authentication bypass vulnerability that could permit an adversary to circumvent authentication protections and execute arbitrary code in the Desktop Central MSP server.

"If exploited, the attackers can gain unauthorized access to the product by sending a specially crafted request leading to remote code execution," Zoho [cautioned](<https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp>) in an [advisory](<https://www.manageengine.com/desktop-management-msp/cve-2021-44515-security-advisory.html>). "As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible."
![Zoho ManageEngine](https://thehackernews.com/new-images/img/a/AVvXsEj1xx5yUi1N8hhGwCsKIe41nVNxRANWaKDVgeuBCUxVqEN45mzkSaOzVblxzHvLtCK-S72xInMv4NWD4QK3W_SCbiMYIvb1aWhb4RUPVekHI3U6EYX9pyFk2YzPaff25pZUh78cc-rh7QoowlHfpWg_XvNGJTVk5a-4xiCyFSQB1ERi9_IrQwoKwI9U=s728-e1000)

The company has also made available an [Exploit Detection Tool](<https://downloads.zohocorp.com/dnd/Desktop_Central/XTsIm8tSrnzjXhW/detector.zip>) that will help customers identify signs of compromise in their installations.

With this development, CVE-2021-44515 joins two other vulnerabilities [CVE-2021-44077](<https://nvd.nist.gov/vuln/detail/CVE-2021-44077>) and [CVE-2021-40539](<https://nvd.nist.gov/vuln/detail/CVE-2021-40539>) that have been [weaponized](<https://thehackernews.com/2021/11/experts-detail-malicious-code-dropped.html>) to compromise the networks of critical infrastructure organizations across the world.

The disclosure also comes a day after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) [warned](<https://thehackernews.com/2021/12/cisa-warns-of-actively-exploited.html>) that CVE-2021-44077 — an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus — is being exploited to drop web shells and carry out an array of post-exploitation activities as part of a campaign dubbed "TiltedTemple."

