Security News > 2023 > January > Critical ManageEngine RCE bug now exploited to open reverse shells
A critical remote code execution vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks.
While investigating attacks that led to the compromise of some of its customers' ManageEngine instances, Rapid7 also observed post-exploitation activity.
CISA and the FBI have previously issued joint advisories to warn of state-backed threat actors exploiting ManageEngine flaws to drop web shells on the networks of organizations from multiple critical infrastructure sectors, including healthcare and financial services.
Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now.
Exploit released for critical ManageEngine RCE bug, patch now.
Zoho urges admins to patch severe ManageEngine bug immediately.
News URL
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)