CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

“Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution,” the agency said in a notice.

The critical vulnerability, tracked as CVE-2022-35405, is rated 9.8 out of 10 for severity on the CVSS scoring system, and was patched by Zoho as part of updates released on June 24, 2022.

Although the exact nature of the flaw remains unknown, the India-based enterprise solutions company said it addressed the issue by removing the vulnerable components that could lead to the remote execution of arbitrary code.

Zoho has also warned of the public availability of a proof-of-concept (PoC) exploit for the vulnerability, making it imperative that customers upgrade their instances of Password Manager Pro, PAM360, and Access Manager Plus as soon as possible.

In light of active exploitation in the wild, Federal Civilian Executive Branch (FCEB) agencies are required to apply the vendor-provided patches by October 13, 2022.
