This document addresses an authentication bypass vulnerability (CVE-2021-44515) in ManageEngine Desktop Central and provides an incident response plan if your system is affected.
Vulnerability ID: CVE-2021-44515
Severity: Critical
Update Release Date: 3rd December 2021
Fix Build:
i) For Enterprise-
For builds 10.1.2127.17 and below, upgrade to 10.1.2127.18
For builds 10.1.2128.0 to 10.1.2137.2, upgrade to 10.1.2137.3
ii) For MSP-
For builds 10.1.2127.17 and below, upgrade to 10.1.2127.18
For builds 10.1.2128.0 to 10.1.2137.2, upgrade to 10.1.2137.3
An authentication bypass vulnerability in ManageEngine Desktop Central was identified and the vulnerability can allow an adversary to bypass authentication and execute arbitrary code in the Desktop Central server.
Note: As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.
We have developed an Exploit Detection Tool that will help you identify whether your installation has been affected by this vulnerability. You can download the tool here. Once you have downloaded the file, follow these steps:
Here are some of the Indicators of Compromise (IOC) for this vulnerability (CVE 2021-44515):
1. Disconnect the affected system from your network.
2. Back up the Desktop Central database using these steps.
3. Format the compromised machine. Note: Before formatting the machine, ensure that you have backed up all critical business data.
4. Follow these steps to restore Desktop Central.
5. Mandatory step: Once the server is up and running, update Desktop Central to the latest build using the following steps:
i) Log in to your Desktop Central console, click on your current build number on the top right corner.
ii) You can find the latest build. Download the PPM and update.
Recommendation: Initiate a password reset for all services, accounts, Active Directory, etc. that has been accessed from the service installed machine. It is better if AD administrator passwords are also reset.
Mandatory step: Update Desktop Central to the latest build using the following steps:
i) Log in to your Desktop Central console, click on your current build number on the top right corner. ii) You can find the latest build. Download the PPM and update.Note: This vulnerability is not applicable to Desktop Central Cloud.
For further assistance, please contact endpointcentral-security@manageengine.com
Keywords: Security Updates, Vulnerabilities and Fixes, CVE-2021-44515, authentication bypass