Outbreak Alert

Zoho ManageEngine Vulnerability

Released: Dec 07, 2021

Updated: Dec 08, 2021

Download PDF »

Zoho Exploit

High Severity

Zoho Vendor

Vulnerability Type

An unauthenticated RCE in ManageEngine ServiceDesk Plus

APT Actors are actively exploiting Zoho ManageEngine ServiceDesk Plus which is an IT help desk software with asset management. The exploit is tracked via CVE-2021-44077 and rated critical due to its capability for unauthenticated remote code execution (RCE). Learn More »

Common Vulnerabilities and Exposures

CVE-2021-44077

Background

The ManageEngine ServiceDesk Plus released a security advisory on authentication bypass vulnerability.

Threat Radar Overall Score: -

	CVSS Rating	9.8
	FortiRecon Score	92/100
	Known Exploited	Yes
	Exploit Prediction Score	97.35%
	FortiGuard Telemetry	Analyzing

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

Dec 2: CISA and FBI released an alert on active exploitation
https://us-cert.cisa.gov/ncas/current-activity/2021/12/02/cisa-and-fbi-release-alert-active-exploitation-cve-2021-44077-zoho
https://us-cert.cisa.gov/ncas/alerts/aa21-336a
Dec 6: FortiGuard Labs published a threat signal report
https://www.fortiguard.com/threat-signal-report/4329/joint-cybersecurity-advisory-on-attacks-exploiting-zoho-manageengine-servicedesk-plus-vulnerability-cve-2021-44077

On 2nd of December 2021, CISA has announced active exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus. Based on FortiGuard statistics from the last few days, Malware using this vulnerability is active in the wild.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

AV
AV (Pre-filter)
IPS

DETECT

Outbreak Detection
Threat Hunting
Content Update

RESPOND

Assisted Response Services
Automated Response

RECOVER

NOC/SOC Training
End-User Training

IDENTIFY

Attack Surface Hardening
Vulnerability Management

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

Loading ...

References

Sources of information in support and relation to this Outbreak and vendor.

CISA

Learn More »

Hacker News

Learn More »

NIST

Learn More »

Packet Storm

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Outbreak Alert

Zoho ManageEngine Vulnerability

An unauthenticated RCE in ManageEngine ServiceDesk Plus

Common Vulnerabilities and Exposures

Background

Threat Radar Overall Score: -

Latest Development

FortiGuard Cybersecurity Framework

Threat Intelligence

IOC Threat Activity

References

CISA

Hacker News

NIST

Packet Storm

About FortiGuard Outbreak Alerts

Threat Intelligence
Center