Security News > 2023 > January > Exploit released for critical ManageEngine RCE bug, patch now
Proof-of-concept exploit code is now available for a remote code execution vulnerability in multiple Zoho ManageEngine products.
The PoC exploit was tested against ServiceDesk Plus and Endpoint Central, and Horizon3 "Expect this POC to work unmodified on many of the ManageEngine products that share some of their codebase with ServiceDesk Plus or EndpointCentral."
CVE-2022-28219, a critical flaw in Zoho ManageEngine ADAudit Plus that lets attackers compromise Active Directory accounts, CVE-2022-1388, a critical vulnerability allowing remote code execution in F5 BIG-IP networking devices, and CVE-2022-22972, a critical authentication bypass bug in multiple VMware products that can let threat actors gain admin privileges.
Last week, Horizon3 researchers also warned of a potential wave of attacks after the PoC exploit is released since "The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet."
While there are no reports of attacks leveraging this vulnerability and no attempts to exploit it in the wild, threat actors will likely move quickly to develop custom RCE exploits based on Horizon3's PoC code.
Following these and other attacks targeting ManageEngine, CISA and the FBI issued two joint advisories [1, 2] to warn of state-backed attackers exploiting ManageEngine bugs to backdoor critical infrastructure organizations.
News URL
Related news
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-20 | CVE-2022-22972 | Unspecified vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |
2022-05-05 | CVE-2022-1388 | Unspecified vulnerability in F5 products On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. | 0.0 |
2022-04-05 | CVE-2022-28219 | XXE vulnerability in Zohocorp Manageengine Adaudit Plus Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | 9.8 |