Flaw With Zoho Desktop Central Let Attackers to Bypass Authentication

A new critical vulnerability has been fixed that was detected in Zoho’s Desktop Central and Desktop Central MSP; this security flaw allows an attacker to bypass the authentication and remotely perform malicious actions on the compromised server.

The flaws have been tracked as “CVE-2021-44757,” an authentication bypass vulnerability, and have been fixed in the latest build (10.1.2137.9), which is released on January 17, 2022. This vulnerability has been identified by the:-

Osword from SGLAB of Legendsec at Qi’anxin Group.

Over the network to deploy patches remotely, Zoho’s ManageEngine Desktop Central is used; in short, it’s an endpoint management platform for the admins.

Exploitation and Vulnerabilities

On the successful exploitation, an attacker can perform the following actions on the compromised server:-

Read all the essential data.
Expose private information.
Write an arbitrary zip file.

In a recent report, Shodan has revealed that over 2,800 ManageEngine Desktop Central instances are vulnerable to attacks since they were not patched yet.

Over the past five months, Zoho has fixed four vulnerabilities, and here they are mentioned below:-

CVE-2021-44757: An authentication bypass vulnerability that is affecting Zoho’s Desktop Central and Desktop Central MSP.
CVE-2021-40539 (CVSS score: 9.8): Authentication bypass vulnerability affecting Zoho ManageEngine ADSelfService Plus
CVE-2021-44077 (CVSS score: 9.8): Unauthenticated, remote code execution vulnerability affecting Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus.
CVE-2021-44515 (CVSS score: 9.8): Authentication bypass vulnerability affecting Zoho ManageEngine Desktop Central.

Apart from the new one, for the above mentioned three vulnerabilities, the CISA and the FBI issued joint advisories in which they claimed that all these flaws were actively exploited by the state-sponsored hackers to drop web shells.

Recommendation

As a recommendation, the cybersecurity experts have strongly recommended users to follow the security hardening guidelines provided by the company for its products “Desktop Central and Desktop Central MSP” and make sure that all the security controls are configured properly.

The vulnerability has been fixed on January 17, 2022 and the mitigation is available in the build 10.1.2137.9. To apply this fix, follow the steps below:

Login to your Desktop Central console, click on your current build number on the top right corner.
You’ll be able to find the latest build applicable to you. Download the PPM and update

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates

Critical Flaw With Zoho Desktop Central Let Attackers to Bypass Authentication

Exploitation and Vulnerabilities

Recommendation

Latest articles

QSC: Multi-Plugin Malware Framework Installs Backdoor on Windows

Weaponized LDAP Exploit Deploys Information-Stealing Malware

New NonEuclid RAT Evades Antivirus and Encrypts Critical Files

Hackers Targeting Users Who Lodged Complaints On Government portal To Steal Credit Card Data

API Security Webinar

72 Hours to Audit-Ready API Security

Discussion points

More like this

Weaponized LDAP Exploit Deploys Information-Stealing Malware

Juniper Networks Vulnerability Let Remote Attacker Execute Network Attacks

Gitlab Patches Multiple Vulnerabilities Including Resource Exhaustion & User Manipulation

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Network Penetration Testing Checklist – 2024