Security News > 2023 > January > Critical ManageEngine RCE bug now exploited to open reverse shells
A critical remote code execution vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks.
While investigating attacks that led to the compromise of some of its customers' ManageEngine instances, Rapid7 also observed post-exploitation activity.
CISA and the FBI have previously issued joint advisories to warn of state-backed threat actors exploiting ManageEngine flaws to drop web shells on the networks of organizations from multiple critical infrastructure sectors, including healthcare and financial services.
Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now.
Exploit released for critical ManageEngine RCE bug, patch now.
Zoho urges admins to patch severe ManageEngine bug immediately.
News URL
Related news
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)