Zoho has fixed a new critical-severity vulnerability affecting its Desktop Central and Desktop Central MSP Unified Endpoint Management (UEM) solutions.
ManageEngine Desktop Central is an endpoint management platform that lets administrators deploy patches and software across the network and troubleshoot endpoints remotely.
Zoho patched the security flaw, tracked as CVE-2021-44757, today and ships the fix in the latest released Desktop Central and Desktop Central MSP versions (build 10.1.2137.9).
“An authentication bypass vulnerability that may allow a remote user to perform unauthorized actions on the server,” Zoho’s ManageEngine team explained in a notification issued today.
“If exploited, this vulnerability could allow an attacker to read unauthorized data or write an arbitrary zip file to the server.”
The company also advised customers to follow its security hardening guidelines for Desktop Central and Desktop Central MSP.
A Shodan search today shows more than 2,800 ManageEngine Desktop Central instances exposed on the Internet, all of which remain open to attack until they are patched.
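As an added example (not code from Zoho or from this article), the following Python triage script flags Desktop Central and Desktop Central MSP hosts whose installed build is below the fixed build 10.1.2137.9 named above. The inventory rows are constructed for the demo, and builds are compared as numeric tuples because plain string comparison mis-orders them.

```python
import re
from typing import List, Tuple

# Build in which Zoho fixed CVE-2021-44757 (from the advisory quoted above).
FIXED_BUILD = "10.1.2137.9"

# Constructed sample inventory (hostname, product, build string); not real hosts.
SAMPLE_INVENTORY = [
    ("dc-prod-01", "Desktop Central", "Build: 10.1.2137.9"),
    ("dc-prod-02", "Desktop Central", "10.1.2127.18"),
    ("msp-edge-01", "Desktop Central MSP", "10.1.999.0"),
    ("dc-lab-01", "Desktop Central", "10.1.2140.1"),
]


def parse_build(build: str) -> Tuple[int, ...]:
    """Turn '10.1.2137.9' (optionally prefixed 'Build:') into a numeric tuple.

    Numeric tuples compare correctly; a string comparison would rank
    '10.1.999.0' above '10.1.2137.9' because '9' sorts after '2'.
    """
    match = re.search(r"(\d+(?:\.\d+)+)", build)
    if not match:
        raise ValueError(f"unrecognised build string: {build!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(build: str, fixed: str = FIXED_BUILD) -> bool:
    """True when the installed build is at or above the fixed build."""
    return parse_build(build) >= parse_build(fixed)


def find_unpatched(inventory) -> List[str]:
    """Return hostnames whose build predates the fix, for patch prioritisation."""
    return [host for host, _product, build in inventory if not is_patched(build)]


if __name__ == "__main__":
    for host in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: below fixed build {FIXED_BUILD}, schedule update")
```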

In early December, Zoho patched another critical vulnerability (CVE-2021-44515) that could allow hackers to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers.
The Indian enterprise software vendor also warned at the time that it had found evidence of in-the-wild exploitation and urged customers to update as soon as possible to block incoming attacks.
In late December, the FBI’s Cyber Division confirmed Zoho’s alert of ongoing exploitation, warning that multiple APT groups had been exploiting the CVE-2021-44515 flaw since at least late October 2021.
This is not the first time that Zoho ManageEngine servers have recently come under attack. Instances of Desktop Central, in particular, have already been hacked and access to compromised networks sold on hacking forums since at least July 2020.
Between August and October 2021, hackers targeted Zoho ManageEngine products using tools and tactics similar to those seen in coordinated attacks by China-backed threat group APT27.
Their attacks targeted, and led to the breach of, networks belonging to critical infrastructure organizations around the world in three separate campaigns using:
Following this series of attacks, CISA and the FBI issued joint advisories (1, 2) warning of state-backed hacking groups exploiting ManageEngine vulnerabilities to drop web shells on the networks of critical infrastructure organizations in the healthcare, financial services, electronics, and IT consulting industries.