Critical Security Vulnerability in Zoho ManageEngine Products
Overview
On Monday 17th January 2022, enterprise software maker Zoho issued patches and configuration guidance for a critical security vulnerability in its ManageEngine Desktop Central and ManageEngine Desktop Central MSP products, which a remote adversary could exploit to perform unauthorised actions on affected servers.
Impact
Threat actors have been seen compromising Desktop Central servers using the flaw CVE-2021-44757 by writing arbitrary zip files to, and reading data from, the vulnerable server.
Products Affected
The flaw affects Zoho ManageEngine Desktop Central software for both enterprise customers and managed service providers.
Containment, Mitigations & Remediation
ManageEngine advises customers to update their installations to the latest build (version 10.1.2137.9) as soon as possible and to configure their environment in line with Zoho’s guidance.
Indicators of Compromise
There are no indicators of compromise at this time.
Threat Landscape
Zoho has become a prime target for threat actors, with several critical vulnerabilities identified in the last 2 months alone and a total of 66 critical vulnerabilities disclosed throughout 2021 as active exploits have been discovered.
MITRE Methodologies
[T1505] – Server Software Component: Web Shell
[T1548.002] – Abuse Elevation Control Mechanism: Bypass User Account Control
Further Information
Vulnerabilities (CVE)
Bleeping Computer – Zoho plugs another critical security hole in Desktop Central
The Hacker News – Zoho Releases Patch For Critical Flaw