ManageEngine: Announcement: Desktop Central - Security Advisory!

This security advisory is in regard to a critical security patch released by
ManageEngine Desktop Central for the vulnerability CVE-2021-44757.
Please read this document fully to understand the nature of this
vulnerability and steps to mitigate it. Kindly make sure to educate
your customers on this to avoid any exploitation in their set-ups.
We have sent them a notification as well.

 

Description - An authentication bypass vulnerability registered as
CVE-2021-44757 has been identified and fixed.

 

Impact - If exploited, this vulnerability may allow an attacker to
read unauthorized data or write an arbitrary zip file on the server.

 

Mitigation - The fix for this vulnerability was released on
17-01-2022. We strongly recommend that our users upgrade to the
latest version. Please refer to the Desktop Central KB document
and the Desktop Central MSP KB document.

 

Note:

1. This vulnerability was reported under our responsible disclosure
    program. There are no known active exploits of this vulnerability.

2. Along with this release, we have added a few security enhancements
    based on our internal assessment.

 

Recommendation - Please follow the security hardening guidelines
for Desktop Central and Desktop Central MSP to ensure all the
security controls are configured to keep your network secure.

 

Credit: Osword from SGLAB of Legendsec at Qi'anxin Group.

 

If you have any questions regarding this advisory or need further
assistance, feel free to contact us:
Desktop Central: desktopcentral-security@manageengine.com
Desktop Central MSP: msp-desktopcentral-support@manageengine.com