id: CVE-2021-44077 info: name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution author: Adam Crosser,gy741 severity: critical description: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. reference: - https://www.cisa.gov/uscert/ncas/alerts/aa21-336a - https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/ - https://github.com/horizon3ai/CVE-2021-44077 - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_servicedesk_plus_cve_2021_44077.rb - https://nvd.nist.gov/vuln/detail/CVE-2021-44077 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-44077 cwe-id: CWE-287 tags: rce,kev,msf,cve,cve2021,zoho,manageengine requests: - method: GET path: - "{{BaseURL}}/RestAPI/ImportTechnicians" matchers-condition: and matchers: - type: word words: - '