www.cisa.gov
2a02:26f0:6c00:28e::447a  Public Scan

Submitted URL: https://us-cert.cisa.gov/ncas/current-activity/2021/12/02/cisa-and-fbi-release-alert-active-exploitation-cve-2021-44077-zoho
Effective URL: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/02/cisa-and-fbi-release-alert-active-exploitation-cve-2021-...
Submission: On December 13 via api from US — Scanned from DE

Text Content

TLP:WHITE

CISA AND FBI RELEASE ALERT ON ACTIVE EXPLOITATION OF CVE-2021-44077 IN ZOHO
MANAGEENGINE SERVICEDESK PLUS

Original release date: December 02, 2021


CISA and the Federal Bureau of Investigation (FBI) have released a joint
Cybersecurity Advisory identifying active exploitation of a
vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus.
CVE-2021-44077 is an unauthenticated remote code execution vulnerability that
affects all ServiceDesk Plus versions up to, and including, version 11305. 

This vulnerability was addressed by the update released by Zoho on September 16,
2021 for ServiceDesk Plus versions 11306 and above. If left unpatched,
successful exploitation of the vulnerability allows an attacker to upload
executable files and place webshells that enable post-exploitation activities,
such as compromising administrator credentials, conducting lateral movement, and
exfiltrating registry hives and Active Directory files. Zoho has set up a
security response plan center that provides additional
details, a downloadable tool that can be run on potentially affected systems,
and a remediation guide.

CISA encourages organizations to review the joint Cybersecurity Advisory and
apply the recommended mitigations immediately.
