Security News > 2023 > January > Critical ManageEngine RCE bug now exploited to open reverse shells
A critical remote code execution vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks.
While investigating attacks that led to the compromise of some of its customers' ManageEngine instances, Rapid7 also observed post-exploitation activity.
CISA and the FBI have previously issued joint advisories to warn of state-backed threat actors exploiting ManageEngine flaws to drop web shells on the networks of organizations from multiple critical infrastructure sectors, including healthcare and financial services.
Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now.
Exploit released for critical ManageEngine RCE bug, patch now.
Zoho urges admins to patch severe ManageEngine bug immediately.
News URL
Related news
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- HPE Aruba Networking fixes four critical RCE flaws in ArubaOS (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)