September 23, 2023

Researchers from Horizon3.ai have urged Zoho ManageEngine users to patch their software against a critical security vulnerability tracked CVE-2022-47966 after designing and releasing a PoC exploit code.

Exploit developer James Horseman said the team has successfully reproduced the exploit and is now providing additional insight into the vulnerability to help users determine if they have been compromised.

This vulnerability was patched by Zoho last year, the bug affects multiple Zoho ManageEngine products. It can be exploited over the internet to launch remote code execution exploits if security assertion markup language (SAML) single sign-on (SSO) is enabled or has been enabled before.

Advertisements

With the SYSTEM-level access to the endpoint, attackers are likely to begin dumping credentials via LSASS or leverage existing public tooling to access stored application credentials to conduct lateral movement.

Data from the Shodan, shows that there are thousands of instances of ManageEngine products exposed to the internet with SAML currently enabled.

  • 5255 exposed instances of ServiceDesk Plus, of which 509 have SAML enabled
  • 3105 exposed instances of Endpoint Central, of which 345 have SAML enabled

The company added that organizations that use SAML tend to be larger and more mature and are likely to be higher-value targets for attackers.

ManageEngine products have been a highly targeted by threat actors to gain initial access. So, its been recommended ManageEngine users to follow the advisory and patch it immediately

Tags:

Leave a Reply

You may have missed

SandMan APT Group in action against Telcos

September 22, 2023

Gold Melody IAB Unsunging for Several Years

September 22, 2023

Apple fixes trio of Zeroday Exploits

September 22, 2023

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023
%d bloggers like this: