On March 5th, a functional exploit for an unpatched vulnerability in ManageEngine Desktop Central was published by security researcher Steven Seely. The exploit allows attackers to upload files and remotely run commands with SYSTEM permissions, without any authentication required. Desktop Central is a Zoho product used for endpoint management that Managed Service Providers (MSPs) use frequently. The exploit could allow attackers to gain complete control of servers that are connected to the Internet or move laterally to internal servers from an initial compromise of a workstation. A search on Shodan revealed approximately 2,300 publicly exposed Desktop Central servers that could be targeted.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in