2022-04-24 10:12:25 +00:00
id : CVE-2021-44515
info :
name : Zoho ManageEngine Desktop Central - Remote Code Execution
author : Adam Crosser
severity : critical
2022-05-18 20:58:07 +00:00
description : Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
2023-09-06 12:09:01 +00:00
remediation : For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
2022-04-24 10:12:25 +00:00
reference :
- https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
- https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
- https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis
2022-05-17 09:18:12 +00:00
- https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
2022-05-18 20:58:07 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-44515
2022-04-24 10:12:25 +00:00
classification :
2022-05-17 09:18:12 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
2022-04-24 10:12:25 +00:00
cve-id : CVE-2021-44515
2022-05-17 09:18:12 +00:00
cwe-id : CWE-287
2024-04-08 11:34:33 +00:00
epss-score : 0.97233
epss-percentile : 0.99811
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:enterprise:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : zohocorp
product : manageengine_desktop_central
2024-05-31 19:23:20 +00:00
shodan-query : http.title:"manageengine desktop central 10"
fofa-query : title="manageengine desktop central 10"
google-query : intitle:"manageengine desktop central 10"
2024-01-14 09:21:50 +00:00
tags : cve2021,cve,zoho,rce,manageengine,kev,zohocorp
2022-04-24 10:12:25 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-04-24 10:12:25 +00:00
- raw :
- |
GET /STATE_ID/123/agentLogUploader HTTP/1.1
Host : {{Hostname}}
Cookie : STATE_COOKIE=&_REQS/_TIME/123
matchers-condition : and
matchers :
- type : dsl
dsl :
- "len(body) == 0"
- type : word
part : header
words :
2022-05-18 20:58:07 +00:00
- "UEMJSESSIONID="
2023-07-11 19:49:27 +00:00
- type : status
status :
- 200
2024-06-01 06:53:00 +00:00
# digest: 4a0a0047304502210088cc9496c36425cadeb76ea850dad7bb090ed0a984a63d2b0e428b8b9c15d4c7022023a9097c12c361205278e5f91692f4ee708b673b2e5c2ae2fe9133245e8ccc8b:922c64590222798bb761d5b6d8e72950