Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions.
The issue is an authentication bypass vulnerability, a remote attacker can exploit it to perform unauthorized actions in the server.
The Zoho ManageEngine Desktop Central endpoint management solution helps organizations in managing servers, laptops, desktops, smartphones, and tablets from a central location.
“An authentication bypass vulnerability that can allow a remote user to perform unauthorized actions in the server.” reads the advisory published by the Zoho’s ManageEngine Team. “If exploited, this vulnerability may allow an attacker to read unauthorized data or write an arbitrary zip file on the server. “
The company recommends customers to follow the security hardening guidelines for Desktop Central and Desktop Central MSP to secure their installs.
In December, The Federal Bureau of Investigation (FBI) revealed that another critical zero-day vulnerability in Zoho’s ManageEngine Desktop Central, tracked as CVE-2021-44515, has been under active exploitation by nation-state actors since at least October.
The CVE-2021-44515 flaw is an authentication bypass vulnerability in ManageEngine Desktop Central software that can be exploited by attackers to bypass authentication and execute arbitrary code on Desktop Central servers.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Zoho)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.