METASPLOIT-modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2021_40539.rb

METASPLOIT ruby WORKING POC

Exploit for CVE-2021-40539 - ManageEngine ADSelfService Plus CVE-2021-40539

AI Analysis

This Metasploit module exploits CVE-2021-40539, an authentication bypass in ManageEngine ADSelfService Plus, to upload and execute a malicious JAR file, achieving remote code execution as the SYSTEM user if the service runs with elevated privileges.

Attack Type

RCE

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

Loading exploit code...

Download ZIP Password: eip

Source

Platform Metasploit

Type poc

Platform java

Language ruby

Rank excellent

Files 1

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_adselfservice_plus_cve_2021_40539.rb

Authors

mr_me wvu Antoine Cervoise Wilfried Bécard

Vulnerability

CVE-2021-40539

ManageEngine ADSelfService Plus CVE-2021-40539

CRITICAL KEV

CVSS 9.8