Threat Encyclopedia

Zoho.ManageEngine.Desktop.Central.Authentication.Bypass

description-logoDescription

This indicates an attack attempt against an Arbitrary File Upload vulnerability in Zoho ManageEngine Desktop Central.
The vulnerabilities are due to insufficient authorization in ManageEngine DesktopCentral. A remote, unauthenticated attacker can exploit the vulnerability by sending a request to one of the affected endpoints. Successful exploitation could result in remote code execution in the context of the target system.

affected-products-logoAffected Products

Zoho ManageEngine Desktop Central version 10.1.2127.17 and prior
Zoho ManageEngine Desktop Central version 10.1.2128.0 to 10.1.2137.2

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.zoho.com/

CVE References

CVE-2021-44515