Outbreak AlertZoho ManageEngine RCE Vulnerability
Multiple Zoho ManageEngine products exploited in the wild
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus, Password Manager Pro and ADSelfService Plus, allow remote code execution due to the usage of an outdated third party dependency, Apache Santuario. Successful exploitation could lead to remote code execution and evidence of exploitation in the wild by Advanced Persistent Threat (APT) Groups. Learn More »
Common Vulnerabilities and Exposures
Background
ManageEngine’s products are widely used across enterprises with broad suite of IT management software which perform several important business functions. Previously in 2021, we saw a different vulnerability, Zoho ManageEngine ServiceDesk Plus (CVE-2021-44077) exploited in the wild. Full Outbreak Report can be read here: https://www.fortiguard.com/outbreak-alert/zoho-exploit
Threat Radar Overall Score:
 |
CVSS Rating | 9.0 |
 |
FortiRecon Score | 92/100 |
 |
Known Exploited | Yes |
 |
Exploit Prediction Score | 97.37% |
 |
FortiGuard Telemetry | 6978 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Jan 20, 2023: FortiGuard Labs released a Threat Signal Report on Proof-of-Concept Released for Zoho ManageEngine RCE vulnerability (CVE-2022-47966).
https://www.fortiguard.com/threat-signal-report/4954/
Jan 23,2023: FortiGuard Labs released an IPS signature (ID: 52571) to detect and block any attack attempts targeting CVE-2022-47966.
Jan 23, 2023: CISA added CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog (KEV)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
April 18, 2023: Microsoft Threat Intelligence linked Mint Sandstorm, an Iranian government-backed threat actor to exploit Zoho ManageEngine vulnerability to gain initial access and targeting of US critical infrastructure.
https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/
FortiGuard Labs recomends organizations using any of the affected products listed in ManageEngine’s advisory to update immediately as exploit code is publicly available and exploitation is in the wild.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
IPS
-
Web App Security
-
IOC
-
Outbreak Detection
-
Assisted Response Services
-
Automated Response
-
InfoSec Services
-
Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
Indicators of compromise
IOC Threat Activity
Last 30 days
Chg
Avg 0
References
Sources of information in support and relation to this Outbreak and vendor.