12.03.2021

ManageEngine Desktop Central Security Update

Date of Notice: 12/3/2021

Action Level - Critical

Description

MCNC would like to make you aware of a vulnerability affecting Desktop Central MSP by ManageEngine. This vulnerability could allow an attacker to bypass authentication and execute arbitrary code in the Desktop Central server. There are reports of this vulnerability being exploited currently. ManageEngine recommends immediate patching of vulnerable systems in addition to utilizing the provided exploit detection tool to check for system compromise.

Affected Software

ManageEngine Desktop Central MSP - builds released prior to 12/3/21

Attack Vector

An attacker with remote or local access to a vulnerable server.

Attack Feasibility

There are reports that this issue is being actively exploited.

Mitigations

There are no known mitigations or workarounds to address this vulnerability.

Remediation

ManageEngine has released server updates to remediate this vulnerability. They also provide an exploit detection tool to verify whether your system has been compromised using this vulnerability in their security advisory. ManageEngine recommends updating to an updated build and following steps to check for system compromise as soon as possible. If compromise is detected by the exploit detection tool, follow the incident response plan in the security advisory.

Vendor Resources

https://www.manageengine.com/desktop-management-msp/cve-2021-44515-security-advisory.html

<-- Return to Cybersecurity Alerts...