CVE-2021-44757
published 2022-01-18

Priority: P268 | critical | 9.1 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EPSS: 24.20% (97.6th percentile)
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9 allow attackers to bypass authentication, and read sensitive information or upload an arbitrary ZIP archive to the server.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
zohocorp | manageengine_desktop_central | < 10.1.2137.9 | 10.1.2137.9
zohocorp | manageengine_desktop_central_managed_service_providers | < 10.1.2137.9 | 10.1.2137.9

Detection & IOCs (extracted from sources)

  • Vulnerability affects Zoho ManageEngine Desktop Central and Desktop Central MSP versions before 10.1.2137.9; detect exploitation attempts targeting authentication bypass that allows reading sensitive data or uploading arbitrary ZIP archives to the server.
  • Monitor for unauthenticated requests that result in ZIP file writes to the ManageEngine Desktop Central server filesystem, which is the primary exploitation primitive for this vulnerability.
  • Given prior active exploitation of the closely related CVE-2021-44515 in Desktop Central by APT actors, prioritize detection and patching of CVE-2021-44757 on internet-exposed Desktop Central instances.
  • No CVSS score was available at time of publication for CVE-2021-44757; severity should be treated as critical based on vendor advisory classification.
  • No public proof-of-concept exploit was available at time of publication, but exploitation is considered likely given the history of similar CVEs in the same product being rapidly weaponized.
  • No confirmed in-the-wild exploitation of CVE-2021-44757 was reported at time of publication, unlike the related CVE-2021-44515, which was actively exploited as a zero-day.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N