logo
DATABASE RESOURCES PRICING ABOUT US

ManageEngine ServiceDesk Plus Remote Code Execution Exploit

Description

This Metasploit module exploits CVE-2021-44077, an unauthenticated remote code execution vulnerability in ManageEngine ServiceDesk Plus, to upload an EXE (msiexec.exe) and execute it as the SYSTEM account. Note that build 11305 is vulnerable to the authentication bypass but not the file upload. The module will check for an exploitable build.


Related