ZoHo has released patches for an authentication bypass vulnerability that could lead to remote code execution and has been exploited in the wild. In addition, a patch was released for CVE-2021-44526, another authentication bypass vulnerability in ServiceDesk Plus, a help desk and asset management application. This follows months of reports and alerts regarding active exploitation of two other vulnerabilities in ManageEngine products, CVE-2021-44077 and CVE-2021-40539. The attacks exploiting these vulnerabilities have been linked to advanced persistent threat (APT) groups.
“Over recent months, ManageEngine has been targeted in campaigns from multiple threat groups. According to ZoHo, CVE-2021-44515 has been exploited in the wild as a zero-day, making this the third vulnerability this year in ManageEngine to be adopted by threat actors. It’s common to see these sorts of pile-ons after a product has been leveraged in publicized attacks; once it is known that a product or service is vulnerable, threat actors often put it under a microscope to find additional avenues of attack.” — Claire Tills, Senior Research Engineer, Tenable
To learn more about the patch, see Tenable’s detailed analysis.