9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
Affected (4)
Products: Zohocorp: Manageengine Desktop Central
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.1.2127.18 |
References (7)
Source: cve@mitre.org
Issue TrackingVendor Advisory
Source: cve@mitre.org
Broken LinkThird Party AdvisoryUS Government Resource
Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Timeline
No history available yet.