This notification is in regard to an authentication bypass vulnerability that was recently identified in Desktop Central. This applies to Desktop Central MSP as well. Registered as CVE-2021-44515, this vulnerability has now been fixed and released in our latest build on 3rd December 2021.
What is the issue?
An authentication bypass vulnerability in ManageEngine Desktop Central that could result in remote code execution.
What is the impact of the issue?
If exploited, the attackers can gain unauthorized access to the product by sending a specially crafted request leading to remote code execution.
What is the severity of the issue?
We consider the severity of this vulnerability to be critical.
Is this issue applicable to you? How to identify and mitigate it?
Note: As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.
Please follow the security hardening guidelines
to ensure all the security controls and protections are configured to keep your Desktop Central environment secure.
Team Desktop Central.