CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit
The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to the federal government.
September 23, 2022
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that a critical Zoho ManageEngine remote code execution (RCE) flaw, first disclosed in June, is now under active attack.
According to Zoho's patch advisory, the bug "could allow remote attackers to execute arbitrary code on affected installations."
Multiple Zoho ManageEngine products are affected, CISA said, including the Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus.
Authentication is not required to exploit the vulnerability in Password Manager Pro and PAM360 products, Zoho added.
CISA has moved to add the Zoho ManageEngine bug to the Known Exploited Vulnerabilities catalog, which indicates the bug (CVE-2022-35405) is both under active exploit and poses a threat to the federal government's systems.
CISA advises federal agencies to apply the vendor patch immediately.