Critical Zoho Zero-Day Flaw Disclosed
2020-03-06 16:53

UPDATE. A zero-day vulnerability has been disclosed in ManageEngine, the IT help desk software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems.

Zoho has now released a security update addressing the vulnerability.

The vulnerability, first reported by ZDNet, exists in Zoho ManageEngine Desktop Central, an endpoint management tool that helps users manage their servers, laptops, smartphones, and more from a central location.

According to Seeley, who also posted a PoC attack for the flaw on Twitter, the vulnerability ranks 9.8 out of 10.0 on the CVSS scale, making it critical in severity.

Seeley told Threatpost that he didn't contact Zoho before disclosing the vulnerability due to negative previous experiences with the company regarding vulnerability disclosure.


News URL

https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/

Related vendor

LAST 12M
VENDOR  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Zoho    5           0    3       5     0         8