The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn.

Dark Reading Staff, Dark Reading

January 17, 2023


Ed note: An earlier version incorrectly stated the vulnerability is under active attack. Instead, GreyNoise researchers are tracking any potential attacks.

Several Zoho ManageEngine IT management products require patching against a critical unauthenticated remote code execution (RCE) vulnerability that researchers warn is ripe for attack.

On Jan. 10, ManageEngine released an update against the bug, tracked under CVE-2022-47966, blaming it on "... an outdated third party dependence, Apache Santuario."

The security advisory adds that any of the two dozen impacted ManageEngine products is vulnerable if single sign-on is, or has ever been, enabled.

By Jan. 13, researchers at Horizon3.ai had provided indicators of compromise (IoCs). Now GreyNoise is tracking potential attacks attempting to exploit the RCE.

Once the RCE is used to breach a system, threat actors could use that access to create all sorts of havoc, Horizon3.ai analysts explained.

"ManageEngine products are some of the most widely used across enterprises and perform business functions such as authentication, authorization, and identity management," the Horizon3.ai researchers added. "Given the nature of these products, a vulnerability such as this poses critical risk to organizations allowing attackers initial access if exposed to the internet, and the ability for lateral movement with highly privileged credentials."
