Security News > 2021 > December > CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability
2021-12-03 05:34

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities.

Tracked as CVE-2021-44077, the issue relates to an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus versions up to, and including, 11305 that if left unfixed "Allows an attacker to upload executable files and place web shells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files," CISA said.

"A security misconfiguration in ServiceDesk Plus led to the vulnerability," Zoho noted in an independent advisory published on November 22.

CVE-2021-44077 is also the second flaw to be exploited by the same threat actor that was formerly found exploiting a security shortcoming in Zoho's self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus to compromise at least 11 organizations, according to a new report published by Palo Alto Networks' Unit 42 threat intelligence team.

"Most notably, between October 25 and November 8, the actor shifted attention to several organizations running a different Zoho product known as ManageEngine ServiceDesk Plus.".

Over the past three months, at least two organizations have been compromised using the ManageEngine ServiceDesk Plus flaw, a number that's expected to climb further as the APT group ramps up its reconnaissance activities against technology, energy, transportation, healthcare, education, finance, and defense industries.


News URL

https://thehackernews.com/2021/12/cisa-warns-of-actively-exploited.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-11-29 CVE-2021-44077 Missing Authentication for Critical Function vulnerability in Zohocorp products
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.
network
low complexity
zohocorp CWE-306
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Manageengine 9 0 3 4 3 10
Zoho 4 0 3 4 0 7