CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit

  /     /     /  
Publicated : 23/11/2024   Category : security


CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit


The bug allows unauthenticated code execution on the companys firewall products, and CISA says it poses significant risk to federal government.



The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that a critical Zoho ManageEngine remote code execution (RCE) flaw, first disclosed in June, is now under active attack. 
According to Zohos
patch advisory
, the bug could allow remote attackers to execute arbitrary code on affected installations. 
Multiple
Zoho ManageEngine products
are affected, CISA said, including the Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. 
Authentication is not required to exploit the vulnerability in Password Manager Pro and PAM360 products, Zoho added.
CISA has moved to
add the Zoho ManageEngine bug to the Known Exploited Vulnerabilities catalog
, which indicates the bug (CVE-2022-35405) is both under
active exploit
 and poses a threat to the federal governments systems. 
CISA advises federal agencies to apply the vendor patch immediately. 

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit