Security News > 2020 > March > Zoho Working on Patch for Zero-Day Vulnerability in ManageEngine Product
Business tools development company Zoho says it's working on a patch for a zero-day vulnerability affecting its ManageEngine Desktop Central product.
"Since Zoho typically ignores researchers, I figured it was OK to share a ManageEngine Desktop Central zero-day exploit with everyone," Seeley wrote on Twitter.
In response to Seeley's tweet, Zoho said it identified the issue and has started working on a patch "With top priority."
A researcher from Microsoft pointed out that Shodan currently lists over 2,300 internet-exposed instances of ManageEngine Desktop Central, which increases the chances of malicious hackers targeting the vulnerability disclosed by Seeley.
"Administration tools, such as Zoho ManageEngine Desktop Central, make for desirable targets," Rick Holland, CISO and VP of strategy at Digital Shadows, told SecurityWeek.
News URL
Related news
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)