ManageEngine - Remote Code Execution (CVE-2021-44077)
- Severity
- CVSSv3 Score
- 9.8
- Vulnerability description
ManageEngine ServiceDesk/SupportCenter is affected by a Remote Code Execution vulnerability in the Struts configuration and in the /RestAPI URLs servlet of the hypervisor. By exploiting the CVE-2021-44077 vulnerability, an attacker can bypass the authentication of the console component and afterward upload a shell to the ManageEngine server. This can result in remote code execution, allowing an unauthenticated attacker to execute arbitrary code on the ManageEngine server.
- Risk description
The risk exists that a remote unauthenticated attacker can fully compromise the ManageEngine server to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade the ManageEngine server to: a version higher than 11306 for ServiceDesk Plus; a version higher than 10530 for ServiceDesk Plus MSP builds; a version higher than 11014 for SupportCenter Plus builds.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Nov 2021
- Published at
- Updated at
- Software Type
- Hypervisor
- Vendor
- ManageEngine
- Product
- ServiceDesk, SupportCenter