Zoho ManageEngine RCE Vulnerability
Multiple Zoho ManageEngine products exploited in the wild
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus, Password Manager Pro and ADSelfService Plus, allow remote code execution due to the use of an outdated third-party dependency, Apache Santuario. Successful exploitation leads to remote code execution, and there is evidence of exploitation in the wild by Advanced Persistent Threat (APT) groups.
Common Vulnerabilities and Exposures
Background
ManageEngine’s products are widely used across enterprises, with a broad suite of IT management software that performs several important business functions. Previously, in 2021, we saw a different vulnerability, Zoho ManageEngine ServiceDesk Plus (CVE-2021-44077), exploited in the wild. The full Outbreak Report can be read here: https://www.fortiguard.com/outbreak-alert/zoho-exploit
Threat Radar Overall Score: 4.4
CVSS Rating | 9.0
FortiRecon Score | 92/100
Known Exploited | Yes
Exploit Prediction Score | 97.37%
FortiGuard Telemetry | 6816
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Jan 20, 2023: FortiGuard Labs released a Threat Signal Report on Proof-of-Concept Released for Zoho ManageEngine RCE vulnerability (CVE-2022-47966).
https://www.fortiguard.com/threat-signal-report/4954/
Jan 23, 2023: FortiGuard Labs released an IPS signature (ID: 52571) to detect and block any attack attempts targeting CVE-2022-47966.
Jan 23, 2023: CISA added CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog (KEV)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
April 18, 2023: Microsoft Threat Intelligence reported that Mint Sandstorm, an Iranian government-backed threat actor, exploited the Zoho ManageEngine vulnerability to gain initial access in attacks targeting US critical infrastructure.
https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/
FortiGuard Labs recommends that organizations using any of the affected products listed in ManageEngine’s advisory update immediately, as exploit code is publicly available and exploitation is in the wild.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- IPS: Detects and blocks attack attempts related to Zoho ManageEngine RCE Vulnerability (CVE-2022-47966).
- Web App Security: Detects and blocks attack attempts related to Zoho ManageEngine RCE Vulnerability (CVE-2022-47966).
- Outbreak Detection
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
  - FortiRecon: ACI
- Automated Response: Services that can automatically respond to this outbreak.
  - FortiClient Forensics
- InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
- Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal and external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.