Zoho ManageEngine Vulnerability
An unauthenticated RCE in ManageEngine ServiceDesk Plus
https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529
CVEs: CVE-2021-44077
APT Actors are actively exploiting Zoho ManageEngine ServiceDesk Plus which is an IT help desk software with asset management. The exploit is tracked via CVE-2021-44077 and rated critical due to its capability for unauthenticated remote code execution (RCE).
Background
The ManageEngine ServiceDesk Plus released a security advisory on authentication bypass vulnerability.
Announced
Dec 2: CISA and FBI released an alert on active exploitation Dec 6: FortiGuard Labs published a threat signal report
Latest Developments
On 2nd of December 2021, CISA has announced active exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus. Based on FortiGuard statistics from the last few days, Malware using this vulnerability is active in the wild.
arrow_icon
PROTECT

Countermeasures across the security fabric for protecting assets, data and network from cybersecurity events:

Reconnaissance
Weaponization

Delivery

AV

Blocks exploitation of the Zoho ManageEngine Vulnerability

FortiGate
DB 89.07442
FortiWeb
DB 89.07442
FortiClient
DB 89.07442
FortiSASE
DB 89.07442
FortiMail
DB 89.07442
FortiCASB
DB 89.07442
FortiCWP
DB 89.07442
FortiADC
DB 89.07442
FortiProxy
DB 89.07442
AV (Pre-filter)

Blocks exploitation of the Zoho ManageEngine Vulnerability

FortiEDR
DB 89.07442
FortiSandbox
DB 89.07442
FortiNDR
DB 89.07442

Exploitation

IPS

Blocks exploitation of the Zoho ManageEngine Vulnerability

FortiGate
DB 19.219
FortiSASE
DB 19.219
FortiNDR
DB 19.219
FortiADC
DB 19.219
FortiProxy
DB 19.219
Installation
C2
Action
arrow_icon
DETECT

Find and correlate important information to identify an outbreak, the following updates are available to raise alert and generate reports:

Outbreak Detection

FortiAnalyzer
DB 1.00037
Threat Hunting

FortiAnalyzer
v6.4+
FortiSIEM
v6.4+
Content Update

FortiSIEM
DB 314
arrow_icon
RESPOND

Develop containment techniques to mitigate impacts of security events:

Automated Response

Services that can automaticlly respond to this outbreak.

FortiXDR
Assisted Response Services

Experts to assist you with analysis, containment and response activities.

Incident Response
arrow_icon
RECOVER

Improve security posture and processes by implementing security awareness and training, in preparation for (and recovery from) security incidents:

NOC/SOC Training

Train your network and security professionals and optimize your incident response to stay on top of the cyberattacks.

NSE Training
Response Readiness
End-User Training

Raise security awareness to your employees that are continuously being targetted by phishing, drive-by download and other forms of cyberattacks.

Security Awareness & Training
arrow_icon
IDENTIFY

Identify processes and assets that need protection:

Attack Surface Hardening

Check Security Fabric devices to build actionable configuration recommendations and key indicators.

Security Rating
Vulnerability Management

Reduce the attack surface on software vulnerabilities via systematic and automated patching.

FortiDevSec
Additional Resources
CISA
https://www.cisa.gov/uscert/ncas/alerts/aa21-336a
Hacker News
https://thehackernews.com/2021/12/cisa-warns-of-actively-exploited.html
NIST
https://nvd.nist.gov/vuln/detail/CVE-2021-44077
Packet Storm
https://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html

Learn more about FortiGuard Outbreak Alerts