CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability


On Thursday, the US Cybersecurity and Infrastructure Security Agency (CISA) added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

“Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows remote code execution,” the agency said in an advisory.


The critical vulnerability, tracked as CVE-2022-35405, is rated 9.8 out of 10 for severity on the CVSS rating system and was fixed by Zoho as part of updates released on June 24, 2022.

Although the exact nature of the flaw remains unknown, the India-based enterprise solutions company said it fixed the issue by removing vulnerable components that could lead to remote execution of arbitrary code.

Zoho also warned of the public availability of a proof-of-concept (PoC) exploit for the vulnerability, making it imperative that customers upgrade instances of Password Manager Pro, PAM360, and Access Manager Plus as soon as possible.

In light of active exploitation in the wild, Federal Civilian Executive Branch (FCEB) agencies are required to apply vendor-supplied patches by October 13, 2022.
