Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions.
The issue is an authentication bypass vulnerability that a remote attacker can exploit to perform unauthorized actions on the server.
The Zoho ManageEngine Desktop Central endpoint management solution helps organizations manage servers, laptops, desktops, smartphones, and tablets from a central location.
“An authentication bypass vulnerability that can allow a remote user to perform unauthorized actions in the server,” reads the advisory published by Zoho’s ManageEngine Team. “If exploited, this vulnerability may allow an attacker to read unauthorized data or write an arbitrary zip file on the server.”
In December, the Federal Bureau of Investigation (FBI) revealed that another critical zero-day vulnerability in Zoho’s ManageEngine Desktop Central, tracked as CVE-2021-44515, has been under active exploitation by nation-state actors since at least October.
The CVE-2021-44515 flaw is an authentication bypass vulnerability in ManageEngine Desktop Central software that can be exploited by attackers to bypass authentication and execute arbitrary code on Desktop Central servers.
(SecurityAffairs – hacking, Zoho)