Zoho announced on Friday that a newly patched critical security vulnerability in its Desktop Central and Desktop Central MSP products is being actively exploited by malicious actors, marking the third security vulnerability in its products to be exploited in the wild in the last four months.
The vulnerability, assigned the identifier CVE-2021-44515, is an authentication bypass flaw that could let an attacker bypass authentication protections and execute arbitrary code in the Desktop Central MSP server.
Zoho cautioned in an advisory: “If exploited, the attackers can gain unauthorized access to the product by sending a specially crafted request leading to remote code execution.”
“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.”
Zoho has also made an Exploit Detection Tool available to help customers detect indicators of intrusion in their installations.
CVE-2021-44515 now joins two previous vulnerabilities, CVE-2021-44077 and CVE-2021-40539, that have been weaponized to compromise the networks of critical infrastructure organizations around the world.
CVE-2021-44077, an unauthenticated remote code execution vulnerability affecting ServiceDesk Plus, is being exploited to drop web shells and carry out an array of post-exploitation activities as part of a campaign dubbed “TiltedTemple,” according to the US Cybersecurity and Infrastructure Security Agency (CISA).