Security News > 2021 > September > FBI and CISA warn of state hackers exploiting critical Zoho bug

FBI and CISA warn of state hackers exploiting critical Zoho bug
2021-09-16 18:11

The FBI, CISA, and the Coast Guard Cyber Command today warned that state-backed advanced persistent threat groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021.

The vulnerability tracked as CVE-2021-40539 was found in the Zoho ManageEngine ADSelfService Plus software, and it allows attackers to take over vulnerable systems following successful exploitation.

This joint security advisory follows a previous warning issued by CISA last week, also alerting of CVE-2021-40539 in the wild attacks that could allow threat actors to execute malicious code remotely on compromised systems.

"The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software," the joint advisory warns.

APT groups behind these attacks have targeted an extensive array of sectors from academic institutions and defense contractors to critical infrastructure entities.

Zoho has released Zoho ManageEngine ADSelfService Plus build 6114, which patches the CVE-2021-40539 vulnerability on September 6.


News URL

https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-exploiting-critical-zoho-bug/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-40539 Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
network
low complexity
zohocorp CWE-706
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoho 4 0 3 4 0 7