HomePentest-Tools.com Logo

ManageEngine Desktop Central - Authentication Bypass and Remote Code Execution (CVE-2021-44515)

CVSSv3 Score
Exploitable with Sniper
Vulnerability description

ManageEngine Desktop Central is affected by an Authentication Bypass vulnerability in the StateFilter class of the hypervisor. By exploiting the CVE-2021-44515 vulnerability, an attacker can bypass the authentication of the console component and afterward send commands via WebSockets to the managed devices by the ManageEngine Desktop Central server. This may potentially cause remote code execution, allowing a malicious unauthenticated attacker to execute arbitrary code on the devices managed by the ManageEngine Desktop Central server.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the ManageEngine Desktop Central to steal confidential information, install ransomware, or pivot to the internal network.


Upgrade the ManageEngine Destop Central to version 10.1.2137.3 for Enterprise builds between 10.1.2128.0 and 10.1.2137.2, version 10.1.2127.18 for MSP builds earlier that 10.1.2127.17, version 10.1.2127.18 for Enterprise builds earlier than 10.1.2127.17 and to version 10.1.2137.3 for MSP builds between 10.1.2128.0 through 10.1.2137.2.

Detectable with
Network Scanner
Vuln date
Dec 2021
Published at
Updated at
Software Type
Desktop Central
Not available