ManageEngine Desktop Central Security Update
Date of Notice: 12/3/2021
Action Level - Critical
Description
MCNC would like to make you aware of a vulnerability affecting Desktop Central MSP by ManageEngine. This vulnerability could allow an attacker to bypass authentication and execute arbitrary code on the Desktop Central server. There are reports that this vulnerability is currently being exploited. ManageEngine recommends immediately patching vulnerable systems and using the provided exploit detection tool to check for system compromise.
Affected Software
- ManageEngine Desktop Central MSP - builds released prior to 12/3/21
Attack Vector
The vulnerability can be exploited by an attacker with remote or local access to a vulnerable server.
Attack Feasibility
There are reports that this issue is being actively exploited.
Mitigations
There are no known mitigations or workarounds to address this vulnerability.
Remediation
ManageEngine has released server updates to remediate this vulnerability. Their security advisory also provides an exploit detection tool to verify whether your system has been compromised through this vulnerability. ManageEngine recommends installing an updated build and following the steps to check for system compromise as soon as possible. If the exploit detection tool detects a compromise, follow the incident response plan in the security advisory.
Vendor Resources