Unauthenticated Remote Code Execution in Zoho ManageEngine Products
CVE-2021-44077
Key Information:
- Vendor: Zohocorp
- CVE Published: 29 November 2021
What is CVE-2021-44077?
Zoho ManageEngine products, including ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus, contain a vulnerability that allows unauthenticated remote code execution via insecure /RestAPI URLs. Attackers can exploit this flaw to execute arbitrary code on affected systems; it stems from issues within the servlet configuration and ImportTechnicians in the Struts framework. Organizations running affected versions must upgrade promptly to mitigate the risk.
CISA has reported CVE-2021-44077
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2021-44077 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply updates per vendor instructions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
EPSS Score
94% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- Vulnerability Reserved