Security Updates on Vulnerabilities

CVE-2021-44757: Security Advisory

This document addresses an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Endpoint Central MSP.

Update Released Build: 10.1.2137.9
Update Released Date: January 17, 2022


What was the problem?

An authentication bypass vulnerability in Endpoint Central MSP was identified which, when exploited, can allow an attacker to read unauthorized data or write an arbitrary zip file in the Endpoint Central MSP server.

How do I fix it?

This vulnerability has been fixed on January 17, 2022 and the mitigation is available in the build 10.1.2137.9. To apply this fix, follow the steps below:

  1. Login to your Endpoint Central MSP console, click on your current build number on the top right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.

Note: If you fall in the build range 10.1.2140.X to 10.1.2149.X, kindly contact our support team at msp-desktopcentral-support@manageengine.com for the fix.

Credit

Osword from SGLAB of Legendsec at Qi'anxin Group through our Responsible Disclosure Program.

Help

For any further questions or concerns on this, please write to our support team at msp-desktopcentral-support@manageengine.com.

 

 

Remote Desktop & Mobile Device Management Software for MSPs trusted by