CVE-2021-44077 Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. Affected versions: ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus are powerful tools for businesses to streamline their IT ticketing and customer support processes. These products allow companies to efficiently manage their customer support requests, assign tasks to staff, track progress, and analyze data to identify areas for improvement. With their user-friendly interface and extensive customization options, the ServiceDesk Plus suite has become a popular choice for businesses of all sizes.
Recently, a critical vulnerability, CVE-2021-44077, was discovered in these products. This vulnerability allows remote attackers to execute arbitrary code without authentication, and it is related to the RestAPI URLs in a servlet and ImportTechnicians in the Struts configuration. Attackers can exploit this vulnerability to gain access to sensitive data and take control of the affected systems.
If this vulnerability is exploited, it can lead to catastrophic consequences for businesses. Attackers can steal sensitive data or exfiltrate critical information, leading to financial loss and reputational damage. Additionally, attackers can deploy malware or ransomware on the affected systems, causing downtime and disrupting operations.
Thanks to the pro features of s4e.io, businesses can easily and quickly learn about vulnerabilities in their digital assets. With its advanced penetration testing tools and real-time alerts, businesses can stay one step ahead of attackers and protect their network from potential threats. Don't wait until it's too late – secure your systems today with s4e.io.
REFERENCES
- http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013