ManageEngine Desktop Central - Authentication Bypass and Remote Code Execution (CVE-2021-44515)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
ManageEngine Desktop Central is affected by an Authentication Bypass vulnerability in the StateFilter class of the hypervisor. By exploiting the CVE-2021-44515 vulnerability, an attacker can bypass the authentication of the console component and afterward send commands via WebSockets to the managed devices by the ManageEngine Desktop Central server. This may potentially cause remote code execution, allowing a malicious unauthenticated attacker to execute arbitrary code on the devices managed by the ManageEngine Desktop Central server.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the ManageEngine Desktop Central to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade the ManageEngine Destop Central to version 10.1.2137.3 for Enterprise builds between 10.1.2128.0 and 10.1.2137.2, version 10.1.2127.18 for MSP builds earlier that 10.1.2127.17, version 10.1.2127.18 for Enterprise builds earlier than 10.1.2127.17 and to version 10.1.2137.3 for MSP builds between 10.1.2128.0 through 10.1.2137.2.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Dec 2021
- Published at
- Updated at
- Software Type
- Hypervisor
- Vendor
- ManageEngine
- Product
- Desktop Central