How To Fix CVE-2021-44515: An Authentication Bypass Vulnerability In Desktop Central And Desktop Central MSP


Zoho, an enterprise software provider, warns that an authentication bypass vulnerability in its Desktop Central and Desktop Central MSP products is being actively exploited in the wild. The flaw, tracked as CVE-2021-44515, allows an attacker to bypass authentication and execute arbitrary code in the affected products. Let’s see how to fix CVE-2021-44515 to protect your Desktop Central and Desktop Central MSP from being compromised.

Summary Of CVE-2021-44515, An Authentication Bypass Vulnerability:

The vendor rates the severity of the vulnerability as Critical because it allows an attacker to bypass authentication and execute arbitrary code on Desktop Central and Desktop Central MSP servers.

Products Affected By An Authentication Bypass Vulnerability (CVE-2021-44515):

As per the report published on 3rd Dec 2021, builds 10.1.2127.17 and below and builds 10.1.2128.0 to 10.1.2137.2 are affected by the Authentication Bypass Vulnerability (CVE-2021-44515). It is recommended to upgrade the products to build 10.1.2127.18 or 10.1.2137.3, as listed below.

Fix Build:-
For Enterprise:
For builds 10.1.2127.17 and below, upgrade to 10.1.2127.18
For builds 10.1.2128.0 to 10.1.2137.2, upgrade to 10.1.2137.3
For MSP:
For builds 10.1.2127.17 and below, upgrade to 10.1.2127.18
For builds 10.1.2128.0 to 10.1.2137.2, upgrade to 10.1.2137.3
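
The build ranges above can be checked across an inventory with a short script. This is an added example, not vendor code or part of the original article; the host names, the sample builds and the verdict labels are constructed for illustration, and it assumes builds are reported as four dot-separated numbers.

```python
# Added example (not vendor code): triage build numbers against the
# affected ranges listed in this article for CVE-2021-44515.
import re

# Ranges and fix builds exactly as given in the article's "Fix Build" list.
# The same ranges apply to Desktop Central and Desktop Central MSP.
RANGES = [
    # (lowest affected build or None, highest affected build, fix build)
    (None, (10, 1, 2127, 17), "10.1.2127.18"),
    ((10, 1, 2128, 0), (10, 1, 2137, 2), "10.1.2137.3"),
]
_BUILD_RE = re.compile(r"\d+(\.\d+){3}")

def parse_build(text):
    """Turn '10.1.2127.17' into (10, 1, 2127, 17); reject anything else."""
    text = text.strip()
    if not _BUILD_RE.fullmatch(text):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(part) for part in text.split("."))

def fix_build_for(build_text):
    """Return the fix build for an affected build, or None if not listed."""
    build = parse_build(build_text)
    for low, high, fix in RANGES:
        # Tuples compare numerically field by field, so 2127.9 < 2127.17,
        # which a plain string comparison would get wrong.
        if (low is None or build >= low) and build <= high:
            return fix
    return None

def triage(inventory):
    """Map host -> ('UPGRADE', fix), ('NOT_LISTED', None) or ('UNKNOWN', None)."""
    result = {}
    for host, build_text in inventory.items():
        try:
            fix = fix_build_for(build_text)
        except ValueError:
            # Unparseable build string: needs a manual check, not a guess.
            result[host] = ("UNKNOWN", None)
            continue
        result[host] = ("UPGRADE", fix) if fix else ("NOT_LISTED", None)
    return result

if __name__ == "__main__":
    # Constructed inventory: host names and builds are made up for illustration.
    sample = {"dc-hq": "10.1.2127.9", "dc-msp": "10.1.2137.2",
              "dc-lab": "10.1.2137.3", "dc-old": "unknown"}
    for host, verdict in triage(sample).items():
        print(host, *verdict)
```

A `NOT_LISTED` verdict only means the build falls outside the ranges this article gives; `UNKNOWN` hosts need their build read from the console by hand.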

How To Validate Your Desktop Central Is Vulnerable To The CVE-2021-44515 Vulnerability?

The vendor has developed an Exploit Detection Tool, which will tell you if your product is vulnerable to the authentication bypass vulnerability.
Follow these steps to check whether your product is vulnerable to the CVE-2021-44515 vulnerability:

  1. Download the Exploit Detection Tool to the server on which Desktop Central or Desktop Central MSP is installed.
  2. Extract the Exploit Detection Tool to either the \ManageEngine\UEMS_CentralServer\bin folder or the \ManageEngine\DesktopCentral_Server\bin folder, whichever is applicable for you.
  3. Change the directory to either the \ManageEngine\UEMS_CentralServer\bin folder or the \ManageEngine\DesktopCentral_Server\bin folder.
  4. Run the command RCEScan.bat
  5. You will see either “Compromised” or “Not Compromised” as the output. If you see “Not Compromised,” your product is not vulnerable, you are safe, and no action is required. If you see “Compromised,” you should plan an upgrade to fix CVE-2021-44515, the authentication bypass vulnerability.

How To Fix CVE-2021-44515: An Authentication Bypass Vulnerability In Desktop Central And Desktop Central MSP?

If your products are vulnerable, it is recommended to upgrade the products to version 10.1.2127.18 or 10.1.2137.3.

  1. Back up all the critical business data along with the Desktop Central database. We recommend taking a snapshot backup if it is a VM, or at least a file backup in the case of a physical server.
  2. Format the disk or delete the VM.
  3. Build a new VM or install the operating system.
  4. Download and install the Desktop Central and Desktop Central MSP. Note: The build version of the new installation should be the same as that of the database backup.
    1. Download Desktop Central:
      1. 10.1.2127.18 or 10.1.2137.3
    2. Download Desktop Central MSP:
      1. 10.1.2127.18 or 10.1.2137.3
  5. Restore the backup and start the server.
    1. How to restore Desktop Central Server?
    2. How to restore Desktop Central MSP Server?
  6. After the data restoration, update the Desktop Central and Desktop Central MSP from their consoles.
    1. Update Desktop Central or Desktop Central MSP:
      1. Log in to your Desktop Central/Desktop Central MSP console.
      2. Click on your current build number in the top right corner.
      3. You can find the latest build. Download the PPM and update.
