ManageEngine Desktop Central - Authentication Bypass and Remote Code Execution (CVE-2021-44515)

ManageEngine Desktop Central is affected by an Authentication Bypass vulnerability in the StateFilter class of the hypervisor. By exploiting the CVE-2021-44515 vulnerability, an attacker can bypass the authentication of the console component and afterward send commands via WebSockets to the managed devices by the ManageEngine Desktop Central server. This may potentially cause remote code execution, allowing a malicious unauthenticated attacker to execute arbitrary code on the devices managed by the ManageEngine Desktop Central server.

The risk exists that a remote unauthenticated attacker can fully compromise the ManageEngine Desktop Central to steal confidential information, install ransomware, or pivot to the internal network.

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Upgrade the ManageEngine Destop Central to version 10.1.2137.3 for Enterprise builds between 10.1.2128.0 and 10.1.2137.2, version 10.1.2127.18 for MSP builds earlier that 10.1.2127.17, version 10.1.2127.18 for Enterprise builds earlier than 10.1.2127.17 and to version 10.1.2137.3 for MSP builds between 10.1.2128.0 through 10.1.2137.2.

https://nvd.nist.gov/vuln/detail/CVE-2021-44515

https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html