Zoho patches the security hole affecting ManageEngine Desktop Central

Enterprise software maker Zoho addresses a new critical-severity vulnerability

Remote access to servers can occur due to flaw exploitation. Zoho encourages people to patch the security issue. The CVE flaw has a 9.8 severity rating.

The flaw affecting the Desktop Central and Desktop Central MSP unified endpoint management solutions has been patched.[1] The endpoint management platform ManageEngine Desktop Central allows administrators to deploy patches and even software over the network and to troubleshoot issues remotely.[2] The company disclosed the security issue, tracked as CVE-2021-44757, and provided mitigation with the latest release of Desktop Central products.[3]

Patching this flaw is important because the authentication bypass vulnerability can allow a remote user to perform unauthorized actions on the server directly. If the flaw is exploited, threat actors can read sensitive data or drop an arbitrary zip file on the server and carry out further attacks.

Users are advised to follow security hardening guidelines, since it is believed that at least 2800 instances are exposed to these attacks if the vulnerability is not patched as soon as possible. The 10.1.2137.9 build should fully remediate the issue.

Yet another Zoho vulnerability that gets patched

Zoho patched another critical flaw, related to authentication bypass and arbitrary code execution, back in December. The flaw was detected and indicated a possible attack risk on unpatched ManageEngine Desktop Central servers. The company recently addressed four security issues:

  • CVE-2021-40539. This flaw, with a severity score of 9.8, is an authentication bypass vulnerability that affects ManageEngine ADSelfService Plus.
  • CVE-2021-44077. This security issue has a 9.8 severity score too. When exploited, the vulnerability can result in unauthenticated remote code execution. The flaw affects Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus.
  • CVE-2021-44515. This flaw also has a 9.8 severity score. It is another authentication bypass vulnerability, one that affects Zoho ManageEngine Desktop Central in particular.

These security vulnerabilities have been and can easily be exploited by threat actors.[4] Attacks launched using these critical bugs can negatively affect companies and damage devices, servers, and operations.[5] Server admins and users should apply available updates as soon as possible to mitigate potential risks and avoid serious cyberattacks.

Researchers warn about state-backed hacking groups and flaw exploitation

The popularity of these vulnerabilities and of newly discovered flaws in the cybersecurity world has made such attacks more attractive to threat actors for the value they can provide. Sensitive information exfiltration, data gathering, and direct arbitrary code execution can create serious issues. Government-linked hacker groups can rely on these methods and launch attacks exploiting security flaws like this.

Dropping web shells on the networks of critical infrastructure organizations can create major issues, especially when those companies are in the healthcare, financial services, electronics, and IT consulting industries. Since news reports have covered many exploitation incidents and patches, cybersecurity researchers and law enforcement have released multiple advisories about these issues.

CISA warns about particular APT groups that can easily exploit these high-severity vulnerabilities and break into servers belonging to various industries. The joint advisory with the FBI lists possible mitigation tactics and details of the possible exploits.

Successful exploitation of the vulnerability allows an attacker to place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.
