Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | secondary_impact | T1003 | OS Credential Dumping | CVE-2021-44515 is an authentication bypass vulnerability. Post-exploit, APT actors were observed dropping a webshell, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials. |
CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | secondary_impact | T1069 | Permission Groups Discovery | CVE-2021-44515 is an authentication bypass vulnerability. Post-exploit, APT actors were observed dropping a webshell, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials. |
CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | secondary_impact | T1087 | Account Discovery | CVE-2021-44515 is an authentication bypass vulnerability. Post-exploit, APT actors were observed dropping a webshell, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials. |
CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | primary_impact | T1105 | Ingress Tool Transfer | CVE-2021-44515 is an authentication bypass vulnerability. Post-exploit, APT actors were observed dropping a webshell, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials. |
CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | CVE-2021-44515 is an authentication bypass vulnerability. Post-exploit, APT actors were observed dropping a webshell, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials. |