03/12/2021

Zoho managengine ServiceDesk Plus Vulnerability – CVE-2021-44077

Summary

This is an authentication bypass vulnerability in some specific application URLs that allows an attacker to gain access to an organisation’s data on the ServiceDesk Plus application. By manipulating one of these URLs from the assets module with a proper character set replacement, it can be utilised to bypass authentication and grab the data requested by the attacker and allows for further attacks to be carried out.

There is no publicly known proof of concept exploit code for this vulnerability however there is reporting that describes use of this vulnerability by APTs to gain access to of their victims.

Jisc are not currently able to carry out Janet wide scans for this vulnerability.

Vulnerable Versions:

  • Versions 11305 and below

Recommendation(s):

  • Upgrade ServiceDesk Plus application to version 11306
  • Review all files created in ServiceDesk Plus directories since early October 2021

References:

Questions:

If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

    Our partners