Back to KEVs

CVE-2021-44515

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 01, 2021
Published Date
December 12, 2021
Last Updated
February 04, 2025
Vendor
n/a
Product
n/a
Description
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
Tags
cisa nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-12-10 00:00:00 UTC) Source

References

https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp https://www.manageengine.com/products/desktop-central/cve-2021-44515-authentication-bypass-filter-configuration.html https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-thirteen-known-exploited-vulnerabilities-catalog

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-12-10 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-44515.yaml 2025-04-26 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • Added to KEVIntel

  • CVE Published to Public

  • Detected by Nuclei