CVE-2021-44757

critical

Description

Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

From the Tenable Blog

CVE-2021-44757: ZoHo Patches Authentication Bypass in ManageEngine Desktop Central

Published: 2022-01-18

ZoHo patches authentication bypass in ManageEngine Desktop Central that could allow attackers to write arbitrary zip files to the server.

References

https://www.tenable.com/blog/cve-2021-44757-zoho-patches-authentication-bypass-in-manageengine-desktop-central

https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022

Details

Source: Mitre, NVD

Published: 2022-01-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical