Check Point Advisories

Zoho ManageEngine ServiceDesk Plus Remote Code Execution (CVE-2021-44077)

Check Point Reference: CPAI-2021-0920
Date Published: 7 Dec 2021
Severity: Critical
Last Updated: Thursday 26 October, 2023
Source:
Industry Reference:CVE-2021-44077
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable? Zoho Corp ManageEngine ServiceDesk Plus 11.1 11138
Zoho Corp ManageEngine ServiceDesk Plus 11.1 11139
Zoho Corp ManageEngine ServiceDesk Plus 11.1 11140
Zoho Corp ManageEngine ServiceDesk Plus 11.1 11141
Zoho Corp ManageEngine ServiceDesk Plus 11.1 11142
Zoho Corp ManageEngine ServiceDesk Plus 11.1 11143
Zoho Corp ManageEngine ServiceDesk Plus 11.1 11144
Zoho Corp ManageEngine ServiceDesk Plus 11.1 11145
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11200
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11201
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11202
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11203
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11204
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11205
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11206
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11207
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11208
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11209
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11210
Zoho Corp ManageEngine ServiceDesk Plus 11.2 11211
Zohocorp ManageEngine ServiceDesk Plus 11.3 11300
Zohocorp ManageEngine ServiceDesk Plus 11.3 11301
Zoho Corp ManageEngine ServiceDesk Plus 11.3 11302
Zoho Corp ManageEngine ServiceDesk Plus 11.3 11303
Zoho Corp ManageEngine ServiceDesk Plus 11.3 11304
Zoho Corp ManageEngine ServiceDesk Plus 11.3 11305
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 and prior
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10500
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10501
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10502
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10503
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10504
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10505
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10506
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10507
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10508
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10509
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10510
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10511
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10512
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10513
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10514
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10515
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10516
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10517
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10518
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10519
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10520
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10521
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10522
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10523
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10524
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10525
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10526
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10527
Zoho Corp ManageEngine ServiceDesk Plus MSP 10.5 10528
Vulnerability Description A remote code execution vulnerability exists in Zoho ManageEngine ServiceDesk Plus. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

Protection Overview

This protection detects attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R81 / R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Zoho ManageEngine ServiceDesk Plus Remote Code Execution (CVE-2021-44077) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Zoho ManageEngine ServiceDesk Plus Remote Code Execution (CVE-2021-44077)

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK