Security News > 2022 > September > CISA warns of critical ManageEngine RCE bug used in attacks
The Cybersecurity and Infrastructure Security Agency has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalog of bugs exploited in the wild.
"The exploit POC for the above vulnerability is available in public," ManageEngine warned customers in July when it issued security patches to address this issue.
After being added to CISA's Known Exploited Vulnerabilities catalog, all Federal Civilian Executive Branch Agencies agencies now must patch their systems against this bug exploited in the wild according to a binding operational directive issued in November.
Even though BOD 22-01 applies to U.S. FCEB agencies only, the U.S. cybersecurity agency also strongly urged all organizations from private and public sectors worldwide to prioritize patching this bug.
Between August and October 2021, ManageEngine servers have also been attacked by nation-state hackers using tactics and tooling similar to those deployed in attacks by the Chinese-linked APT27 hacking group.
Following these campaigns, the FBI and CISA issued two joint advisories warning of APT actors exploiting ManageEngine flaws to drop web shells on the networks of critical infrastructure orgs, including healthcare, electronics, financial services, and IT consulting industries.
News URL
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)