Security News > 2023 > February > Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products
2023-02-23 15:02

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023.

Tracked as CVE-2022-47966, the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers.

As many as 24 different products, including Access Manager Plus, ADManager Plus, ADSelfService Plus, Password Manager Pro, Remote Access Plus, and Remote Monitoring and Management, are affected by the issue.

The shortcoming "Allows unauthenticated remote code execution due to usage of an outdated third-party dependency for XML signature validation, Apache Santuario," Bitdefender's Martin Zugec said in a technical advisory shared with The Hacker News.

A majority of the attack victims are located in Australia, Canada, Italy, Mexico, the Netherlands, Nigeria, Ukraine, the U.K., and the U.S. The main objective of the attacks detected to date revolves around deploying tools on vulnerable hosts such as Netcat and Cobalt Strike Beacon.

Some intrusions have leveraged the initial access to install AnyDesk software for remote access, while a few others have attempted to install a Windows version of a ransomware strain known as Buhti.


News URL

https://thehackernews.com/2023/02/experts-sound-alarm-over-growing.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-18 CVE-2022-47966 Unspecified vulnerability in Zohocorp products
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
network
low complexity
zohocorp
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Manageengine 9 0 3 4 3 10
Zoho 4 0 3 4 0 7