Zoho ManageEngine RCE bug is under active exploitation

by

The US Cybersecurity and Infrastructure Security Agency (CISA) warns that a critical remote code execution (RCE) flaw in Zoho ManageEngine, first disclosed in June, is now under attack active.

According to Zoho patch noticethe bug “could allow remote attackers to execute arbitrary code on affected installations”.

Several Zoho ManageEngine Products are affected, CISA said, including Zoho ManageEngine PAM360, Password Manager Pro and Access Manager Plus.

Authentication is not required to exploit the vulnerability in Password Manager Pro and PAM360 products, Zoho added.

CISA has moved to add Zoho ManageEngine bug to catalog of known exploited vulnerabilitieswhich indicates that the bug (CVE-2022-35405) is both under active feat and poses a threat to federal government systems.

CISA advises federal agencies to apply the vendor patch immediately.

Keep up to date with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly straight to your inbox.

You may also like

Leave a Comment

About Us

Times Global Will keep you updated To the Latest News Around The Globe..

Feature Posts

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Subscribe To our Newsletter

Join our subscribers list and get Latest News directly to your inbox.