Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
CISA: Zoho ManageEngine RCE Bug Is Under Active ExploitCISA: Zoho ManageEngine RCE Bug Is Under Active Exploit
The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.
Dark Reading Staff
September 23, 2022
1 Min Read
Source: GK Images via Alamy
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that a critical Zoho ManageEngine remote code execution (RCE) flaw, first disclosed in June, is now under active attack.
According to Zoho's patch advisory, the bug "could allow remote attackers to execute arbitrary code on affected installations."
Multiple Zoho ManageEngine products are affected, CISA said, including the Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus.
Authentication is not required to exploit the vulnerability in Password Manager Pro and PAM360 products, Zoho added.
CISA has moved to add the Zoho ManageEngine bug to the Known Exploited Vulnerabilities catalog, which indicates the bug (CVE-2022-35405) is both under active exploit and poses a threat to the federal government's systems.
CISA advises federal agencies to apply the vendor patch immediately.
About the Author(s)
More Insights
Webinars
Tricks to Boost Your Threat Hunting Game
Nov 06, 2023Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023
