Skip to content
Nuclei Templates

Zoho ManageEngine ServiceDesk Plus - Remote Code Execution

ID: CVE-2021-44077

Severity: critical

Author: Adam Crosser,gy741

Tags: cve2021,cve,rce,kev,msf,zoho,manageengine,zohocorp

Description

Section titled “Description”

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.

YAML Source

Section titled “YAML Source”
id: CVE-2021-44077


info:
  name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution
  author: Adam Crosser,gy741
  severity: critical
  description: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine ServiceDesk Plus.
  reference:
    - https://www.cisa.gov/uscert/ncas/alerts/aa21-336a
    - https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/
    - https://github.com/horizon3ai/CVE-2021-44077
    - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_servicedesk_plus_cve_2021_44077.rb
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44077
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-44077
    cwe-id: CWE-306
    epss-score: 0.97367
    epss-percentile: 0.99895
    cpe: cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zohocorp
    product: manageengine_servicedesk_plus
    shodan-query: http.title:"manageengine servicedesk plus"
    fofa-query: title="manageengine servicedesk plus"
    google-query: intitle:"manageengine servicedesk plus"
  tags: cve2021,cve,rce,kev,msf,zoho,manageengine,zohocorp


http:
  - method: GET
    path:
      - "{{BaseURL}}/RestAPI/ImportTechnicians"


    matchers-condition: and
    matchers:
      - type: word
        words:
          - '<form name="ImportTechnicians"'


      - type: status
        status:
          - 200
# digest: 490a00463044022028d27411352f88b16caa3af0d1c51be1fac06df3e0ff41061d8321b57f91201402207213bd8adbdf38f69a39bb81df36cd2f80803d44ea5f280307a5c4e2f5e5c8a1:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-44077.yaml"

View on Github