
New Campaign Exploiting ManageEngine ServiceDesk Plus Vulnerability - CVE-2021-44077

Background

On Thursday, December 2, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) reported a new campaign targeting ManageEngine ServiceDesk Plus servers that are vulnerable to CVE-2021-44077. Security researchers at Palo Alto Networks have linked the threat group behind this campaign to the same group exploiting ManageEngine ADSelfService Plus.

CVE ID: CVE-2021-44077

CVSS Score V3: 9.8

CVSS Criticality: Critical

Type: Remote Code Execution

Description: Zoho ManageEngine ServiceDesk Plus Remote Code Execution

Analysis

CVE-2021-44077

CVE-2021-44077 is an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus affecting all versions of ServiceDesk Plus up to, and including, version 11305.

Following initial exploitation of CVE-2021-44077 on a targeted system, the threat actors have been observed uploading executable files and placing web shells that enable post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.

Solutions and Recommendations

Our primary recommendation is to first determine if you are running affected versions of ManageEngine ServiceDesk Plus.

ManageEngine has indicated in their advisory that specific versions are affected by this vulnerability. We recommend reviewing the versions below to determine whether you are running any outdated versions of this software in your environment, and patching as soon as possible.

Vulnerable Versions: Build 11305 and older

Stable Version: Build 11306 and newer

About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.
