Zoho security advisory

From: Canadian Centre for Cyber Security

Number: AV21-621
Date: 8 December 2021

On 3 December 2021 Zoho published a Vulnerability Notification to address a vulnerability in the following products:

  • ManageEngine Desktop Central – builds 10.1.2127.17 and prior, 10.1.2128.0 to 10.1.2137.2
  • ManageEngine Desktop Central MSP – builds 10.1.2127.17 and prior, 10.1.2128.0 to 10.1.2137.2

Exploitation of this vulnerability could allow for remote code execution.

Zoho has noted it is aware of exploitation of this vulnerability in the wild.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Zoho Vulnerability Notification
https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: