Zoho has addressed a new critical-severity vulnerability that affects the company's Desktop Central and Desktop Central MSP unified endpoint management solutions. Desktop Central instances, in particular, have been hacked before, and access to compromised networks has been sold on hacking forums since at least July 2020.
Zoho has fixed the security flaw, tracked as CVE-2021-44757, and is now providing mitigation through the latest released Desktop Central and Desktop Central MSP versions. ManageEngine Desktop Central is an endpoint management platform that allows admins to deploy patches and software over the network and troubleshoot them remotely.
Last month, Zoho patched another critical vulnerability, CVE-2021-44515, that could allow threat actors to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers. It also warned at the time that it had found evidence of in-the-wild exploitation and urged customers to update as soon as possible to block incoming attacks.
Zoho's ManageEngine Team explained, “An authentication bypass vulnerability that can allow a remote user to perform unauthorized actions on the server. If exploited, this vulnerability may allow an attacker to read unauthorized data or write an arbitrary zip file on the server.”
The company also advised customers to follow its security hardening guidelines for Desktop Central and Desktop Central MSP.