
Zoho: Patch New ManageEngine Flaw Abused in Attacks ASAP

Zoho, the business software vendor, is urging customers to upgrade their Desktop Central and Desktop Central MSP installations to the latest available build.

ManageEngine Desktop Central, from Zoho, is an endpoint management product that lets administrators push updates and software to machines across the network and troubleshoot those machines remotely. Zoho has announced that a freshly patched critical issue in Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, making it the third vulnerability in the company's products to be exploited in the wild in the last four months.

The vulnerability, tracked as CVE-2021-44515, is an authentication bypass that could let an unauthenticated attacker execute arbitrary code on a Desktop Central or Desktop Central MSP server.

If indicators of compromise are found, Zoho recommends a "password reset for all services, accounts, Active Directory, etc. that has been accessed from the service installed machine", together with a reset of Active Directory administrator passwords.

"As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible." 

For customers that are affected, the company's guidance is to disconnect the affected systems from the network, back up all essential business data, reset the compromised servers, restore Desktop Central, and update it to the most recent build once the installation is complete. The company has also released an Exploit Detection Tool to help customers look for indicators of compromise on their systems.
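The hardest part of the password-reset step above is knowing which accounts were actually used from the Desktop Central server, since a credential that authenticated from that host after the compromise has to be treated as stolen. The script below is an added example, not Zoho's tooling or part of the Exploit Detection Tool: it walks an export of Windows Security event 4624 (successful logon) records from the domain controllers and lists every domain account whose logon originated from the Desktop Central host, by source IP or workstation name, so that list can be fed to the reset. The CSV column names, the host IP 10.0.5.20, the host name DESKTOPCENTRAL and the log rows are all constructed for the example.

```python
"""Scope the post-compromise password reset: which accounts authenticated
*from* the Desktop Central server?  Added example, not Zoho's code.

Assumptions (not from the advisory): Security event 4624 records were
exported from the domain controllers to CSV with the columns below, and
the Desktop Central host is known by IP address and/or NetBIOS name.
"""
import csv
import io
from collections import defaultdict

# Constructed sample export, not real log data.
SAMPLE_4624_CSV = """\
TimeCreated,EventID,TargetUserName,TargetDomainName,LogonType,IpAddress,WorkstationName
2021-12-03T09:12:01,4624,dcsvc,CORP,3,10.0.5.20,DESKTOPCENTRAL
2021-12-03T09:15:44,4624,jsmith,CORP,2,10.0.7.31,WS-JSMITH
2021-12-03T09:20:10,4624,Administrator,CORP,10,10.0.5.20,DESKTOPCENTRAL
2021-12-03T09:21:03,4624,DESKTOPCENTRAL$,CORP,3,10.0.5.20,DESKTOPCENTRAL
2021-12-03T10:02:55,4624,backup_svc,CORP,5,10.0.5.20,DESKTOPCENTRAL
2021-12-03T10:30:00,4624,jsmith,CORP,3,10.0.7.31,WS-JSMITH
2021-12-03T11:05:17,4624,ANONYMOUS LOGON,NT AUTHORITY,3,10.0.5.20,DESKTOPCENTRAL
2021-12-03T11:40:09,4624,Administrator,CORP,3,10.0.5.20,-
"""

# Well-known principals that are not reset through AD user tooling.
NOISE_ACCOUNTS = {"anonymous logon", "system", "local service", "network service"}

# Logon type codes as documented for event 4624.
LOGON_TYPE_NAMES = {
    "2": "Interactive", "3": "Network", "4": "Batch", "5": "Service",
    "7": "Unlock", "8": "NetworkCleartext", "9": "NewCredentials",
    "10": "RemoteInteractive", "11": "CachedInteractive",
}


def accounts_used_from_host(csv_text, host_ip, host_name=None):
    """Return {'DOMAIN\\user': [logon types]} for every 4624 event whose
    source is the given IP or (if supplied) the given workstation name.
    Computer accounts ($) and well-known principals are skipped; the
    machine account is rotated by the machine itself, not by a user reset."""
    host_name = (host_name or "").lower()
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624":
            continue
        src_ip = row["IpAddress"].strip()
        src_ws = row["WorkstationName"].strip().lower()
        ip_match = src_ip == host_ip
        ws_match = bool(host_name) and src_ws == host_name
        if not (ip_match or ws_match):
            continue
        user = row["TargetUserName"].strip()
        if user.lower() in NOISE_ACCOUNTS or user.endswith("$"):
            continue
        key = f"{row['TargetDomainName']}\\{user}"
        seen[key].add(LOGON_TYPE_NAMES.get(row["LogonType"], row["LogonType"]))
    return {k: sorted(v) for k, v in seen.items()}


def reset_order(accounts):
    """Order the reset list so service/batch and remote-admin logons,
    the credentials an attacker on the box can most easily harvest,
    come first; remaining accounts follow alphabetically."""
    priority = {"Service", "Batch", "RemoteInteractive", "NetworkCleartext"}
    return sorted(accounts, key=lambda a: (not (priority & set(accounts[a])), a))


if __name__ == "__main__":
    found = accounts_used_from_host(SAMPLE_4624_CSV, "10.0.5.20", "DESKTOPCENTRAL")
    for account in reset_order(found):
        print(f"reset {account:24} seen as {', '.join(found[account])}")
```

The workstation-name match is there because event 4624 records a "-" source address for some logon types, so matching on IP alone under-counts; conversely a spoofed or reused name should not be trusted on its own, which is why the IP is the primary key. Computer accounts are dropped from the list, not ignored: the server is being rebuilt, so its machine account is re-established by the rebuild.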

A quick Shodan search turns up more than 3,200 ManageEngine Desktop Central instances exposed to the internet on a variety of ports.

CVE-2021-44515 now joins two earlier vulnerabilities, CVE-2021-44077 and CVE-2021-40539, that have been exploited in attacks on the networks of critical infrastructure organisations around the world.

CVE-2021-44077, an unauthenticated remote code execution vulnerability in ServiceDesk Plus, is being abused to drop web shells and carry out a range of post-exploitation activity as part of a campaign tracked as "TiltedTemple," according to the US Cybersecurity and Infrastructure Security Agency (CISA).