Number: AV21-621
Date: 8 December 2021
On 3 December 2021 Zoho published a Vulnerability Notification to address a vulnerability in the following products:
- ManageEngine Desktop Central – builds 10.1.2127.17 and prior, 10.1.2128.0 to 10.1.2137.2
- ManageEngine Desktop Central MSP – builds 10.1.2127.17 and prior, 10.1.2128.0 to 10.1.2137.2
Exploitation of this vulnerability could allow for remote code execution.
Zoho has noted it is aware of exploitation of this vulnerability in the wild.
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.
Zoho Vulnerability Notification
https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp