Known Exploited Vulnerabilities CVE-2021-44515 Mappings

Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | secondary_impact | T1003 | OS Credential Dumping | |
| CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | secondary_impact | T1069 | Permission Groups Discovery | |
| CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | secondary_impact | T1087 | Account Discovery | |
| CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | primary_impact | T1105 | Ingress Tool Transfer | |
| CVE-2021-44515 | Zoho Desktop Central Authentication Bypass Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |

Comments (the same for each of the five mappings above)

CVE-2021-44515 is an authentication bypass vulnerability. Post-exploit, APT actors were observed dropping a webshell, downloading post-exploitation tools, enumerating domain users and groups, conducting network reconnaissance, attempting lateral movement and dumping credentials.