The Cybersecurity and Infrastructure Security Agency (CISA) and FBI warned about the ongoing exploitation of the recently addressed vulnerability in Zoho’s ManageEngine ServiceDesk Plus product. Tracked as CVE-2021-44077, the unauthenticated remote code execution vulnerability affects all ServiceDesk Plus versions up to and including version 11305.
Successful exploitation of this flaw could allow an attacker to upload executable files and place web shells that enable post-exploitation activities like compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. While there is no information about the attackers behind this exploitation, the FBI and CISA suspect that advanced persistent threat (APT) actors are among those exploiting the vulnerability.
While Zoho released the patch for this vulnerability on September 16, 2021, the FBI and CISA stated threat actors have been exploiting the CVE-2021-44077 flaw since October 2021.
The agencies also identified attackers using various tactics, techniques, and procedures (TTPs), including:
The agencies urged organizations to report if they find any of the following scenarios:
CISA and FBI urged organizations to be vigilant and patch their vulnerable networks with the recent updates.
The post FBI and CISA Warn About Actively Exploited Vulnerability in Zoho appeared first on CISO MAG | Cyber Security Magazine.