.. / CVE-2021-44515

Exploit for Zoho ManageEngine Desktop Central - Remote Code Execution (CVE-2021-44515)

Description:

Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

Nuclei Template

View the template here CVE-2021-44515.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-44515.yaml

References:

https://pitstop.manageengine.com/portal/en/community/topic/an-authentication-bypass-vulnerability-identified-and-fixed-in-desktop-central-and-desktop-central-msp
https://nvd.nist.gov/vuln/detail/CVE-2021-44515
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis

.. / CVE-2021-44515 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Zoho ManageEngine Desktop Central - Remote Code Execution (CVE-2021-44515)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-44515