Security News > 2021 > December > CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability
The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities.
Tracked as CVE-2021-44077, the issue relates to an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus versions up to, and including, 11305 that if left unfixed "Allows an attacker to upload executable files and place web shells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files," CISA said.
"A security misconfiguration in ServiceDesk Plus led to the vulnerability," Zoho noted in an independent advisory published on November 22.
CVE-2021-44077 is also the second flaw to be exploited by the same threat actor that was formerly found exploiting a security shortcoming in Zoho's self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus to compromise at least 11 organizations, according to a new report published by Palo Alto Networks' Unit 42 threat intelligence team.
"Most notably, between October 25 and November 8, the actor shifted attention to several organizations running a different Zoho product known as ManageEngine ServiceDesk Plus.".
Over the past three months, at least two organizations have been compromised using the ManageEngine ServiceDesk Plus flaw, a number that's expected to climb further as the APT group ramps up its reconnaissance activities against technology, energy, transportation, healthcare, education, finance, and defense industries.
News URL
https://thehackernews.com/2021/12/cisa-warns-of-actively-exploited.html
Related news
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-29 | CVE-2021-44077 | Missing Authentication for Critical Function vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. | 9.8 |