An authentication bypass vulnerability in Zoho ManageEngine ServiceDesk Plus, tracked as CVE-2021-44077 and rated severe, has been exploited in the wild. The vulnerability affects both Zoho ManageEngine ServiceDesk Plus and Zoho ManageEngine ServiceDesk Plus MSP.
The company explained: “This vulnerability allows an attacker to gain unauthorized access to the application’s data through a few of its application URLs. To do so, an attacker has to manipulate any vulnerable application URL path from the assets module with a proper character set replacement.
This URL can bypass the authentication process and fetch the required data for the attacker, allowing the attacker to gain unauthorized access to user data or carry out subsequent attacks.”
| Current version | Version or service pack with the fix |
| --- | --- |
| From 11138 till 11145 | |
| From 11200 till 11305 | |
“Successful exploitation of the vulnerability allows an attacker to upload executable files and place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files,” the Cybersecurity and Infrastructure Security Agency (CISA) warns.
Given the active exploitation, we recommend that users upgrade Zoho ManageEngine ServiceDesk Plus/ServiceDesk Plus MSP to the latest version promptly.