Zoho ManageEngine Flaw - Exploit and POC Details

A serious security flaw has been detected in Zoho ManageEngine, a widely used IT management solution, and bug hunters have published proof-of-concept (PoC) code on GitHub to demonstrate the exploit. The flaw, tracked as CVE-2020-10189, resides in the ManageEngine ServiceDesk Plus and Networks service and allows an attacker to execute arbitrary code remotely without authentication.

According to researcher Ankit Anubhav, ManageEngine products are widely used by organizations, with over 200,000 customers. “ManageEngine is one of the leading providers of on-premises, cloud, mobile and IoT unified management across IT, security and IT operations, with over 200,000 customers worldwide,” reads the post published by Anubhav. “This blog is a heads-up to the 200k customer-base of ManageEngine ServiceDesk Plus and ManageEngine Network to patch the RCE threat immediately.”

The expert discovered the Zoho ManageEngine flaw while digging into the InvokeDirect_PowershellAction operation handler in the DESApplication.dll application. Anubhav reported the flaw to Ivanti’s security team and released exploit PoC code on GitHub. The PoC code implements an unauthenticated remote code execution attack. “This code will remotely execute the cmd.exe command and will show the result in the UI of the application,” reads the PoC code.

The Ivanti security team promptly addressed the issue by releasing security patches. Users need to apply the patch as soon as possible to prevent attacks leveraging the vulnerability.

This Cyber News was published on securityaffairs.com. Publication date: Sun, 22 Jan 2023 10:48:00 +0000

