CVE-2021-23017: Zoho ManageEngine Desktop Central Remote Code Execution Vulnerability
CVE-2021-23017 is a security vulnerability that affects Zoho ManageEngine Desktop Central and Desktop Central MSP. It allows an attacker to execute arbitrary code remotely on the affected system.
The vulnerability is caused by improper validation of user-supplied data in the 'FileStorageServlet' component, which is used to upload files to the server. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the affected server, which allows them to execute arbitrary code with the privileges of the affected application.
This vulnerability affects the following versions of Zoho ManageEngine Desktop Central and Desktop Central MSP software:
- Desktop Central MSP versions prior to 10.0.510
- Desktop Central versions prior to 10.0.510
To mitigate this vulnerability, users are advised to upgrade their software to the latest version as soon as possible. Zoho has released a security patch for this vulnerability, which users can download from the company's website. Additionally, users are advised to restrict access to the affected software to trusted networks and to monitor their systems for any suspicious activity.
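As an added example (not Zoho's code and not part of the original text), the monitoring and network-restriction advice above can be checked against web access logs by flagging any request that reaches the 'FileStorageServlet' component from outside the trusted networks. The Common Log Format, the trusted ranges and the sample log lines, including their URL paths, are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: management networks allowed to reach the server; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
COMPONENT = "filestorageservlet"  # component named in the text, matched case-insensitively

# Assumption: Common Log Format: host ident user [time] "request" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (paths are illustrative, not real product URLs).
SAMPLE_LOG = [
    '10.1.2.3 - - [01/Jan/2024:10:00:00 +0000] "POST /example/FileStorageServlet HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:05:00 +0000] "POST /example/FileStorageServlet HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:06:00 +0000] "GET /example/%46ileStorageServlet?x=1 HTTP/1.1" 404 0',
    '203.0.113.7 - - [01/Jan/2024:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def is_trusted(ip_text):
    """True only if the client field is an IP inside a trusted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostname or malformed value: treat as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def flag_requests(lines):
    """Return (ip, time, method, path, status) for requests that touch the
    component from a source outside the trusted networks."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        # Decode percent-encoding so an encoded path still matches.
        decoded = unquote(m["path"]).lower()
        if COMPONENT in decoded and not is_trusted(m["ip"]):
            hits.append((m["ip"], m["ts"], m["method"], m["path"], int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

Any hit means the network restriction is not in effect for that source and the request should be reviewed.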
Original article: https://www.cveoy.top/t/topic/oFax Copyright belongs to the author. Do not repost or scrape!