Hackers Exploiting Recently Patched ManageEngine Desktop Central Vulnerability
A recently disclosed vulnerability affecting Zoho's ManageEngine Desktop Central endpoint management solution is already being exploited in attacks.
Researcher Steven Seeley of Source Incite last week decided to disclose a critical Desktop Central vulnerability that can be exploited by a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.
The attackers are apparently exploiting the Desktop Central vulnerability to drop malware.
AlienVault noted that a server involved in the exploitation of the Desktop Central flaw was also spotted attempting to exploit CVE-2019-19781, a recently patched vulnerability affecting Citrix products, and possibly CVE-2019-1653, a security hole affecting Cisco routers.
According to a researcher from Microsoft, a loader delivered in an attack exploiting the Desktop Central vulnerability has been primarily used by a China-linked threat actor known as Barium and Winnti.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-27 | CVE-2019-19781 | Path Traversal vulnerability in Citrix products. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. | 9.8 |
2019-01-24 | CVE-2019-1653 | Information Exposure vulnerability in Cisco Rv320 Firmware and Rv325 Firmware. A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. | 7.5 |