CISA Warns of Zoho ManageEngine RCE Vulnerability Exploitation


On Thursday, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about cyberattacks targeting a recently patched vulnerability in Zoho ManageEngine. The enterprise IT software, which Zoho acquired in 2014, offers management functions for identity and access, endpoints, enterprise services, security information and events, and IT operations.

The exploited security hole, identified as CVE-2022-35405 (CVSS score of 9.8), is a remote code execution (RCE) bug affecting ManageEngine Password Manager Pro prior to 12101, ManageEngine PAM360 prior to 5510, and ManageEngine Access Manager Plus prior to 4303.

Successful exploitation of ManageEngine Password Manager Pro or PAM360 requires no authentication. However, an attacker targeting a vulnerable ManageEngine Access Manager Plus instance must be authenticated.
