HomePentest-Tools.com Logo

ManageEngine Desktop Central - Authentication Bypass and Remote Code Execution (CVE-2021-44515)

Severity
CVSSv3 Score
9.8
Vulnerability description

ManageEngine Desktop Central is affected by an Authentication Bypass vulnerability in the StateFilter class of the hypervisor. By exploiting the CVE-2021-44515 vulnerability, an attacker can bypass the authentication of the console component and afterward send commands via WebSockets to the managed devices by the ManageEngine Desktop Central server. This may potentially cause remote code execution, allowing a malicious unauthenticated attacker to execute arbitrary code on the devices managed by the ManageEngine Desktop Central server.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the ManageEngine Desktop Central to steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Upgrade the ManageEngine Destop Central to version 10.1.2137.3 for Enterprise builds between 10.1.2128.0 and 10.1.2137.2, version 10.1.2127.18 for MSP builds earlier that 10.1.2127.17, version 10.1.2127.18 for Enterprise builds earlier than 10.1.2127.17 and to version 10.1.2137.3 for MSP builds between 10.1.2128.0 through 10.1.2137.2.

Codename
Not available
Detectable with
Network Scanner
Exploitable with Sniper
Yes
Vuln date
Dec 2021
Published at
Updated at
Software Type
Hypervisor
Vendor
ManageEngine
Product
Desktop Central