Zoho ManageEngine Vulnerability

Released: Dec 07, 2021


High Severity

Zoho Vendor

Vulnerability Type


An unauthenticated RCE in ManageEngine ServiceDesk Plus

APT actors are actively exploiting Zoho ManageEngine ServiceDesk Plus, an IT help desk software with asset management. The vulnerability is tracked as CVE-2021-44077 and rated critical because it allows unauthenticated remote code execution (RCE).

Common Vulnerabilities and Exposures

CVE-2021-44077
CVE-2021-40539

Background

ManageEngine ServiceDesk Plus released a security advisory on an authentication bypass vulnerability.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


Dec 2: CISA and FBI released an alert on active exploitation
https://us-cert.cisa.gov/ncas/current-activity/2021/12/02/cisa-and-fbi-release-alert-active-exploitation-cve-2021-44077-zoho
https://us-cert.cisa.gov/ncas/alerts/aa21-336a
Dec 6: FortiGuard Labs published a threat signal report
https://www.fortiguard.com/threat-signal-report/4329/joint-cybersecurity-advisory-on-attacks-exploiting-zoho-manageengine-servicedesk-plus-vulnerability-cve-2021-44077


On December 2, 2021, CISA announced active exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus. Based on FortiGuard statistics from the last few days, malware using this vulnerability is active in the wild.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • AV (Pre-filter)

  • IPS

DETECT
  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise