CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

Share on linkedin
Share on facebook
Share on twitter

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are warning of active exploitation of a newly patched flaw in Zoho’s ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities.

Tracked as CVE-2021-44077, the issue relates to an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus versions up to, and including, 11305 that if left unfixed “Allows an attacker to upload executable files and place web shells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files,” CISA said.

“A security misconfiguration in ServiceDesk Plus led to the vulnerability,” Zoho noted in an independent advisory published on November 22.

CVE-2021-44077 is also the second flaw to be exploited by the same threat actor that was formerly found exploiting a security shortcoming in Zoho’s self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus to compromise at least 11 organizations, according to a new report published by Palo Alto Networks’ Unit 42 threat intelligence team.

“Most notably, between October 25 and November 8, the actor shifted attention to several organizations running a different Zoho product known as ManageEngine ServiceDesk Plus.”.

Over the past three months, at least two organizations have been compromised using the ManageEngine ServiceDesk Plus flaw, a number that’s expected to climb further as the APT group ramps up its reconnaissance activities against technology, energy, transportation, healthcare, education, finance, and defense industries.

Stay on Top of Cyber Threats!

Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Follow us on Socials:

Recent Cybersecurity News

483 Crypto.com accounts compromised in $34 million hack

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise...
Read The Article

CISA urges US orgs to prepare for data-wiping cyberattacks

The Cybersecurity and Infrastructure Security Agency urges U.S. organizations to strengthen their cybersecurity...
Read The Article

Cybercriminals Actively Target VMware vSphere with Cryptominers

Organizations running sophisticated virtual networks with VMware's vSphere service are actively being targeted...
Read The Article

Contact a Specialist

Discover why 1,000+ organizations trust our expertise to improve their cybersecurity.

Stay Updated on Cyber Risks!

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.