September 26, 2022

TheCyberThrone

Thinking Security ! Always

CISA Adds ZOHO RCE to Exploited Catalog

The U.S. CISA today added a recently disclosed security flaw in Zoho ManageEngine, tracked as CVE-2022-35405 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities Catalog.

The CVE-2022-35405 flaw is a remote code execution vulnerability that impacts Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus.

Affected versions

  • Password Manager Pro versions 12100 and below
  • PAM360 versions 5500 and below
  • Access Manager Plus versions 4302 and below

Zoho addressed the issue by removing the vulnerable components and strongly recommends that customers upgrade their instances of Password Manager Pro, PAM360 and Access Manager Plus immediately, because a PoC exploit is available.

CISA orders federal agencies to fix these vulnerabilities by October 13, 2022.
