This security advisory is in regard to a critical security patch released by
ManageEngine Desktop Central for the vulnerability CVE-2021-44757.
Please read this document fully to understand the nature of this
vulnerability and steps to mitigate it. Kindly make sure to educate
your customers on this to avoid any exploitation in their set-ups.
We have sent them a notification as well.
Description - An authentication bypass vulnerability registered as
CVE-2021-44757 has been identified and fixed.
Impact - If exploited, this vulnerability may allow an attacker to
read unauthorized data or write an arbitrary zip file on the server.
Mitigation - The fix for this vulnerability was released on
17-01-2022. We strongly recommend that our users upgrade to the
latest version. Please refer to the Desktop Central KB document
and Desktop Central MSP KB document.
Note:
1. This vulnerability was reported under our responsible disclosure
program. There are no known active exploits of this vulnerability.
2. Along with this release, we have added a few security enhancements
based on our internal assessment.
Recommendation - Please follow the security hardening guidelines
for Desktop Central and Desktop Central MSP to ensure all the
security controls are configured to keep your network secure.
Credit: Osword from SGLAB of Legendsec at Qi'anxin Group.
If you have any questions regarding this advisory or need further
assistance, feel free to contact us:
Desktop Central: desktopcentral-
Desktop Central MSP: msp-desktopcentral-