Indian enterprise software provider Zoho has warned of a new security vulnerability affecting its ManageEngine Desktop Central, an IT and network management tool, that is currently being exploited in the wild.
The vulnerability, tracked as CVE-2021-44515, exists due to an error when processing authentication requests and can be used by a remote attacker to bypass the authentication process and execute arbitrary code on the Desktop Central server.
“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible,” Zoho said in a security advisory.
The company said the bug was patched in the latest ManageEngine Desktop Central build, released on December 3.
Zoho did not provide any details about malicious actors exploiting this vulnerability.
According to Shodan search results, there are nearly 3,100 Zoho ManageEngine Desktop Central servers connected to the internet.
Earlier this month, the U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned of threat actors exploiting an RCE vulnerability (CVE-2021-44077) in Zoho’s ManageEngine ServiceDesk Plus to deploy web shells and carry out an array of malicious activities.
According to Palo Alto Networks’ Unit42, CVE-2021-44077 is the second flaw to be exploited by the same threat actor, which was previously found exploiting a bug in Zoho’s self-service password management and single sign-on solution, ManageEngine ADSelfService Plus (CVE-2021-40539), to compromise at least 11 organizations. Unit42 tracks this combined activity as the TiltedTemple campaign.