Exploiting Zoho ManageEngine for Remote Code Execution

Security vulnerabilities in technology software are an ever-present threat to organisations. A prime example is the recently discovered vulnerability in Zoho ManageEngine, a service used by organisations worldwide to manage IT operations. The vulnerability could allow attackers to achieve Remote Code Execution (RCE), that is, to run malicious code on the affected system. In this article, we look at how the exploit was identified and how malicious hackers could use it.

The vulnerability was discovered by a security researcher known as “Gareth Hay”, who found that a misconfigured version of the product stored a copy of a SQL script that could be accessible to attackers. This script contained the product’s source code, which could be reverse-engineered to identify vulnerabilities. On reverse-engineering the source code, Hay found that the server used for authentication exposed an arbitrary file inclusion vulnerability, which could be exploited to access the application’s files and execute malicious commands.

Because the malicious code only needed to be uploaded to the vulnerable server, the attack could be deployed very quickly. Once an attacker had uploaded the malicious code to the server, they would be able to execute commands of their choice, potentially taking control of the system or gathering confidential information stored on it.

Organisations using Zoho ManageEngine should immediately upgrade to the latest version of the product to minimise the risk of the vulnerability being exploited. The system should also be monitored regularly for signs of attempted exploitation, such as unusual outbound traffic or changes to the application’s files.

Overall, the Zoho ManageEngine RCE vulnerability is yet another example of how seemingly secure systems can be vulnerable to attack. This highlights the importance of regularly patching systems and staying up to date with the latest security developments in order to remain safe from malicious attackers.

This Cyber News was published on securityaffairs.com. Publication date: Mon, 23 Jan 2023 08:46:03 +0000


Cyber News related to Exploiting Zoho ManageEngine for Remote Code Execution

Managing Business Security with Zoho and ManageEngine Spray and Pray Attacks - Businesses of all sizes can face the threat of malicious attacks, including the "Spray and Pray" technique employed by attackers. This technique involves targeting large numbers of users or organizations with automated attacks in the hopes that at ...
2 years ago Securityweek.com
How To Secure Your ManageEngine Software from Known Exploited Vulnerabilities Catalog - Software providers and IT systems administrators are always looking for ways to keep their networks safe. The ever-evolving threat landscape and increasing sophistication of malicious hackers make security a key concern. Among the many technologies ...
2 years ago Securityaffairs.com
Zoho ManageEngine Flaw - Exploit and POC Details - A serious security flaw has been detected in Zoho ManageEngine, a widely used IT management solution and bug hunters have published a proof of concept (PoC) code on GitHub to demonstrate the exploit. ...
2 years ago Securityaffairs.com
How Attackers are Exploiting a Critical Flaw in Many Zoho ManageEngine Products - Cybercriminals are exploiting a critical flaw in many of the popular IT tools provided by software maker Zoho ManageEngine to carry out data breaches and cyber-attacks. The vulnerability was reported to the company late last year and affects its wide ...
2 years ago Csoonline.com
CISA Alerts of ManageEngine Critical Remote Code Execution Vulnerability - The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert on a critical remote code execution (RCE) vulnerability in ManageEngine products and have warned all users to update their systems as soon as possible. ...
2 years ago Bleepingcomputer.com
CVE-2016-82015 - #1: CVE-2016-82014: Operations Manager - An SQL injection flaw was reported to ManageEngine on 2014/08/19 by Andrea Micalizzi (rgod), affecting version 11.3 and 11.4 of ManageEngine OpManager, and said to be patched in version 11.5 on 2014/11/10. ...
55 years ago Tenable.com
CVE-2016-82014 - #1: CVE-2016-82014: Operations Manager - An SQL injection flaw was reported to ManageEngine on 2014/08/19 by Andrea Micalizzi (rgod), affecting version 11.3 and 11.4 of ManageEngine OpManager, and said to be patched in version 11.5 on 2014/11/10. ...
55 years ago Tenable.com
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
8 months ago Securityaffairs.com
Hackers Gaining Unauthorized Access to Windows Devices Through Silver and BYOVD Exploits - Last summer, cybercriminals began using Sliver as an alternative to Cobalt Strike, using it for monitoring networks, executing commands, loading reflective DLLs, spawning sessions, and manipulating processes. Recently, attacks have been observed ...
1 year ago Heimdalsecurity.com
CVE-2019-15083 - Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code ...
4 years ago
Top 6 LastPass Alternatives for 2024 - LastPass is a popular choice for managing passwords and sensitive information for individuals and businesses. While the tool still enjoys global patronage, it's not a bad idea to consider other password managers that can serve as worthy alternatives ...
1 year ago Techrepublic.com
CVE-2020-24786 - An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build ...
4 years ago
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com
The Exploration of Static vs Dynamic Code Analysis - Two essential methodologies employed for this purpose are Static Code Analysis and Dynamic Code Analysis. Static Code Analysis involves the examination of source code without its execution. In this exploration of Static vs Dynamic Code Analysis, ...
1 year ago Feeds.dzone.com
'Operation Triangulation' Spyware Attackers Bypass iPhone Memory Protections - The Operation Triangulation attacks are abusing undocumented functions in Apple chips to circumvent hardware-based security measures. A previously undocumented hardware feature within Apple's iPhone System on a Chip allows for exploitation of ...
1 year ago Darkreading.com
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits - The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems. The flaw allows remote code execution and was fixed in late October. Apache's ...
1 year ago Bleepingcomputer.com
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
1 year ago Bleepingcomputer.com
CVE-2022-47966 - Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, ...
4 months ago
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
7 months ago Securityaffairs.com
CVE-2022-35405 - Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.) ...
1 year ago
North Korea-linked IT workers infiltrated hundreds of US firms - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
8 months ago Securityaffairs.com
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
8 months ago Securityaffairs.com
Russia-linked group APT29 likely breached TeamViewer - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Finnish police linked APT31 to the 2021 parliament attack. BianLian group exploits JetBrains TeamCity bugs in ...
7 months ago Securityaffairs.com
Meta releases 'Code Llama 70B', an open-source behemoth to rival private AI development - Meta AI, the company that brought you Llama 2, the gargantuan language model that can generate anything from tweets to essays, has just released a new and improved version of its code generation model, Code Llama 70B. This updated model can write ...
1 year ago Venturebeat.com