Critical Security Vulnerability in Zoho ManageEngine Products

Overview

On Monday 17th January 2022, enterprise software maker Zoho issued patches and configuration guidance for a critical security vulnerability in its ManageEngine Desktop Central and ManageEngine Desktop Central MSP products, which a remote adversary could exploit to perform unauthorised actions on affected servers.

Impact

Threat actors have been seen compromising Desktop Central servers using the flaw CVE-2021-44757 by writing arbitrary zip files to, and reading data from, the vulnerable server.

Products Affected

The flaw affects Zoho ManageEngine Desktop Central software for both enterprise customers and managed service providers.

Containment, Mitigations & Remediation

ManageEngine advises customers to update their installations to the latest build (version 10.1.2137.9) as soon as possible and to configure their environment in line with Zoho’s guidance.
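
The following added example (not code from Zoho or from this bulletin's author) triages an asset inventory against the fixed build named above, flagging servers that still need the update and entries whose build cannot be parsed. The CSV layout, hostnames and build values are constructed for illustration, and applying the same threshold to both product editions is an assumption.

```python
import csv
import io

FIXED_BUILD = "10.1.2137.9"  # fixed build named in this bulletin

# Constructed sample inventory; hostnames and builds are illustrative only.
SAMPLE_INVENTORY = """host,product,build
dc-eu-01,Desktop Central,10.1.2137.9
dc-us-02,Desktop Central,10.1.2127.1
msp-01,Desktop Central MSP,10.1.2137
dc-lab-03,Desktop Central,10.1.2140.2
dc-old-04,Desktop Central,unknown
"""


def parse_build(text):
    """Return the build as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_patched(build, fixed=FIXED_BUILD):
    """True/False for a comparable build, None when the build cannot be parsed."""
    have, want = parse_build(build), parse_build(fixed)
    if have is None or want is None:
        return None
    # Pad the shorter tuple with zeros so "10.1.2137" compares as 10.1.2137.0.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have >= want


def triage(inventory_csv):
    """Group hosts into patched / outdated / review by their reported build."""
    result = {"patched": [], "outdated": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = is_patched(row["build"])
        key = "review" if verdict is None else ("patched" if verdict else "outdated")
        result[key].append(row["host"])
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "review" group report a build that is not dotted-numeric and need a manual check rather than being assumed patched.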

Indicators of Compromise

There are no indicators of compromise at this time.

Threat Landscape

Zoho has become a prime target for threat actors: several critical vulnerabilities have been identified in the last 2 months alone, and a total of 66 critical vulnerabilities were disclosed throughout 2021 as active exploits were discovered.

MITRE Methodologies

[T1505] – Server Software Component: Web Shell
[T1548.002] – Abuse Elevation Control Mechanism: Bypass User Account Control

Further Information

Vulnerabilities (CVE)
Bleeping Computer – Zoho plugs another critical security hole in Desktop Central
The Hacker News – Zoho Releases Patch For Critical Flaw