CVE-2021-28960 — Command Injection in Desktop Central

CWE-77 — Command Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

5.3%

top 9.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Desktop Central

Timeline

PublishedSep 21

Latest updateMay 24

Description

Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDmanageengine/desktop_central< 10.0.683

🔴Vulnerability Details

GHSA

GHSA-cq55-rgg6-wm49: ManageEngine Desktop Central before build 10↗2022-05-24

▶

CVEList

CVE-2021-28960: Zoho ManageEngine Desktop Central before build 10↗2021-09-21

▶