module
ManageEngine ServiceDesk Plus CVE-2021-44077
| Disclosed |
|---|
| Sep 16, 2021 |
Disclosed
Sep 16, 2021
Description
This module exploits CVE-2021-44077, an unauthenticated remote code
execution vulnerability in ManageEngine ServiceDesk Plus, to upload an
EXE (msiexec.exe) and execute it as the SYSTEM account.
Note that build 11305 is vulnerable to the authentication bypass but
not the file upload. The module will check for an exploitable build.
execution vulnerability in ManageEngine ServiceDesk Plus, to upload an
EXE (msiexec.exe) and execute it as the SYSTEM account.
Note that build 11305 is vulnerable to the authentication bypass but
not the file upload. The module will check for an exploitable build.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.