Security advisories

Critical Zoho ManageEngine ServiceDesk Plus Vulnerability Exploited

December 3, 2021

THE THREAT

eSentire has observed active exploitation of the critical Zoho ManageEngine ServiceDesk Plus vulnerability CVE-2021-44077 (CVSS: 9.8). The vulnerability is classified as Remote Code Execution (RCE) and allows a remote and unauthenticated threat actor to upload executable files and deploy web shells on compromised assets.

Organizations using Zoho products are strongly advised to ensure that the relevant security patches are deployed and to run the exploitation detection tool provided by Zoho ManageEngine to identify potential signs of compromise.

What we’re doing about it

What you should do about it

Additional information

eSentire discovered malicious activity while deploying detection for exploitation of CVE-2021-44077 and associated threats. CISA and the FBI have warned that Advanced Persistent Threat groups are actively exploiting CVE-2021-44077. Exploitation of this vulnerability may indicate that a wider intrusion has occurred, including the compromise of administrator credentials, lateral movement, and data exfiltration.

References:

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44077
[2] https://www.manageengine.com/products/service-desk/security-response-plan.html
[3] https://us-cert.cisa.gov/ncas/alerts/aa21-336a
