#VU58523 Improper Authentication in Zoho ManageEngine Desktop Central - CVE-2021-44515

 


Published: December 6, 2021 / Updated: December 7, 2021


Vulnerability identifier: #VU58523
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2021-44515
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: Zoho ManageEngine Desktop Central
Software vendor: Zoho Corporation

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass the authentication process and execute arbitrary code on the Desktop Central server.

Note: the vulnerability is being actively exploited in the wild.



Remediation

Install the update from the vendor's website.
