Vulnerability — CVE-2021-44515

CVE-2021-44515

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-44515
Description:: Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
Last updated date:: 07/12/2022

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 12/06/2021
Reference url to background: https://www.tenable.com/blog/cve-2021-44515-zoho-patches-manageengine-zero-day-exploited-in-the-wild

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 12/10/2021
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 12/12/2021
Reference url to background: https://nvd.nist.gov/vuln/detail/CVE-2021-44515

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/16/2021
Reference url to background: https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html