ManageEngine Zero-Day Flaw Actively Being Exploited

FBI Warns: APT Groups Exploiting Critical Vulnerability in ManageEngine Software

Earlier this month, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory highlighting a newly discovered vulnerability being actively exploited in ManageEngine ServiceDesk Plus, an IT help desk and asset management product owned by Zoho Corp. This critical remote code execution (RCE) vulnerability, tracked as CVE-2021-44077, allows an attacker to upload executable files and place webshells, enabling prolonged persistence that can result in compromised privileged credentials and lateral movement.

The FBI’s cyber division has now issued an alert on another newly identified zero-day flaw in ManageEngine Desktop Central servers. Research shows this vulnerability has been actively exploited since October by state-backed hacking groups, known as advanced persistent threat (APT) actors. Again deemed critical, this flaw is an authentication bypass vulnerability that has been observed being used to compromise servers, dump credentials, and attempt lateral movement. CISA added CVE-2021-44515 to its Known Exploited Vulnerabilities Catalog and issued a directive requiring all federal agencies to patch before the holiday.
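Both advisories describe the same post-exploitation pattern: an executable file or webshell dropped into a directory the application serves, then used for persistence. One defender-side check that does not depend on a product version is a file-integrity baseline of the served directories: snapshot every file's hash on a known-good install, re-scan later, and review any added or modified file with an extension the web server would execute. The Python below is an added example written for this post, not code from the FBI, CISA or ManageEngine; the directory layout, file names and the `EXECUTABLE_EXTS` list are constructed assumptions, and the `demo()` function builds its own throwaway tree so it runs offline.

```python
import hashlib
import os
import tempfile

# Extensions a web server or OS would execute if a file with them were dropped
# into a served directory. Assumption for this example; extend to match the stack.
EXECUTABLE_EXTS = {".jsp", ".jspx", ".war", ".aspx", ".php", ".exe", ".dll"}


def _sha256(path):
    """Hash a file in chunks so large artifacts do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (path relative to root) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = _sha256(full)
    return baseline


def diff_baseline(old, new):
    """Compare two baselines and report added, removed and modified paths."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def flag_executable_changes(diff, exts=EXECUTABLE_EXTS):
    """Return added or modified files whose extension is in the executable set."""
    def is_exec(p):
        return os.path.splitext(p)[1].lower() in exts
    return sorted(p for p in diff["added"] + diff["modified"] if is_exec(p))


def demo():
    """Constructed scenario: a clean tree, then the two changes a dropped file
    and a tampered asset would produce. Returns (diff, flagged_paths)."""
    with tempfile.TemporaryDirectory() as root:
        webapps = os.path.join(root, "webapps", "app")
        os.makedirs(webapps)
        with open(os.path.join(webapps, "index.jsp"), "w") as f:
            f.write("<%-- legitimate page --%>\n")
        with open(os.path.join(webapps, "logo.png"), "wb") as f:
            f.write(b"\x89PNG\r\n")
        before = build_baseline(root)

        # Simulated later state: a new JSP appears and an existing asset changes.
        with open(os.path.join(webapps, "help.jsp"), "w") as f:
            f.write("<%-- constructed placeholder, not a real payload --%>\n")
        with open(os.path.join(webapps, "logo.png"), "ab") as f:
            f.write(b"x")
        after = build_baseline(root)

        diff = diff_baseline(before, after)
        return diff, flag_executable_changes(diff)


if __name__ == "__main__":
    d, flagged = demo()
    print("added:", d["added"], "modified:", d["modified"], "removed:", d["removed"])
    print("review these executable changes:", flagged)
```

In practice the baseline would be taken right after patching and stored off the host (an attacker with write access to the web root can also rewrite a baseline kept beside it), and the scan scheduled so that a newly added `.jsp` is reviewed the same day it appears rather than months later, which is the window the advisories describe.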

For more details, read the full article here.

This is not the first warning this year from the FBI on ManageEngine. Read our other blog on a previous exploit on ManageEngine ADSelfService Plus.
