Critical Zoho Zero-Day Flaw Disclosed (Security News, March 2020)
UPDATE. A zero-day vulnerability has been disclosed in ManageEngine, the IT help desk software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems.
Zoho has now released a security update addressing the vulnerability.
The vulnerability, first reported by ZDNet, exists in Zoho ManageEngine Desktop Central, an endpoint management tool that helps users manage their servers, laptops, smartphones, and more from a central location.
According to Seeley, who also posted a PoC attack for the flaw on Twitter, the vulnerability ranks 9.8 out of 10.0 on the CVSS scale, making it critical in severity.
Seeley told Threatpost that he didn't contact Zoho before disclosing the vulnerability due to negative previous experiences with the company regarding vulnerability disclosure.
News URL
https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/