id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741 severity: critical description: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. remediation: | Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine ServiceDesk Plus. reference: - https://www.cisa.gov/uscert/ncas/alerts/aa21-336a - https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/ - https://github.com/horizon3ai/CVE-2021-44077 - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_servicedesk_plus_cve_2021_44077.rb - https://nvd.nist.gov/vuln/detail/CVE-2021-44077 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-44077 cwe-id: CWE-306 epss-score: 0.97194 epss-percentile: 0.99752 cpe: cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:* metadata: max-request: 1 vendor: zohocorp product: manageengine_servicedesk_plus tags: rce,kev,msf,cve,cve2021,zoho,manageengine http: - method: GET path: - "{{BaseURL}}/RestAPI/ImportTechnicians" matchers-condition: and matchers: - type: word words: - '