New Campaign Exploiting ManageEngine ServiceDesk Plus Vulnerability – CVE-2021-44077

Share :


On Thursday, December 2, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigations (FBI) reported a new campaign targeting ManageEngine ServiceDesk Plus servers that are vulnerable to CVE-2021-44077. Security Researchers at Palo Alto Networks have linked the threat group behind this campaign to the same group exploiting ManageEngine AdSelfService Plus.


CVSS Score V3

CVSS Criticality






Remote Code Execution

Zoho ManageEngine ServiceDesk Plus Remote Code Execution


CVE-2021- 44077

CVE-2021-44077 is an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus affecting all versions of ServiceDesk Plus up to, and including, version 11305.

Following initial exploitation of CVE-2021-44077 on a targeted system, the threat actors have been observed uploading executable files and placing web shells that enable post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.

Solutions and Recommendations

Our primary recommendation is to first determine if you are running affected versions of ManageEngine ServiceDesk Plus.

ManageEngine has indicated in their advisory here that specific versions are affected by this vulnerability. We recommend reviewing the below to determine if you are running any outdated versions of this software in your environment and patch as soon as possible.

Vulnerable Versions: Build 11305 and older

Stable Version: Build 11306 and newer


Learn more about Arctic Wolf’s Managed Risk solution or request a demo today.

James Liolios

James Liolios

James Liolios is a Senior Threat Intelligence Researcher at Arctic Wolf, where he keeps a watchful eye on the latest threats and threat actors to understand the potential impact to Arctic Wolf customers. He has a background of 9 years' experience in many areas of cybersecurity, holds a bachelor's degree in Information Security, and is also CISSP certified.
Share :
Table of Contents
Subscribe to our Monthly Newsletter