Exploit for #VU58502 Improper Authentication in Zoho ManageEngine ServiceDesk Plus

Exploit for #VU58502 Improper Authentication in Zoho ManageEngine ServiceDesk Plus

Published: 2021-12-08 | Updated: 2022-09-29

Vulnerability identifier: #VU58502

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-44077

CWE-ID: CWE-287

Exploitation vector: Network

Exploits in database: 3

September 29, 2022
- Golang-CVE-2021-44077-POC (Golang Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus < 11306) [Github]
December 23, 2021
- ManageEngine ServiceDesk Plus CVE-2021-44077 [Metasploit]
December 8, 2021
- CVE-2021-44077 (Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077) [Github]

Impact: Code execution

Vulnerable software:
Zoho ManageEngine ServiceDesk Plus
Web applications / Remote management & hosting panels

Vendor: Zoho Corporation