⚠ Actively exploited
Added to CISA KEV on 2021-12-01. Federal agencies required to patch by 2021-12-15. Required action: Apply updates per vendor instructions.
CVE-2021-44077
Severity
9.8 CRITICAL
EPSS
94.3%
top 0.07%
CISA KEV
Added 2021-12-01
Due 2021-12-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Nov 29
KEV added: Dec 1
KEV due: Dec 15
Latest update: Feb 24
Description
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 3 packages
Patches
🔴 Vulnerability Details
GHSA
GHSA-xm89-vxjx-jvcg: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthentica | 2021-11-30
CVEList
CVE-2021-44077: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthentica | 2021-11-29
💥 Exploits & PoCs
Nuclei
Zoho ManageEngine ServiceDesk Plus - Remote Code Execution
🔍 Detection Rules
Suricata
ET EXPLOIT [CISA AA21-336A] Zoho ManageEngine ServiceDesk Possible Exploitation Activity (CVE-2021-44077) | 2021-12-03