Furthermore, we have taken steps to incorporate additional security controls and measures wherever required to prevent similar vulnerabilities in the future. Please be informed that this vulnerability (CVE-2022-47966) doesn't pertain to Zoho-branded products, but only ManageEngine products. A public advisory was also issued late last year, encouraging our customers to patch their installations immediately. We released patches for individual products during October-November 2022. The cited CVE-2022-47966 refers to a patched vulnerability that affected multiple ManageEngine branded on-premises (locally installable) software products. ManageEngine representatives wrote in a statement: “Attackers don't need to scour for new exploits or novel techniques when they know that many organizations are vulnerable to older exploits due, in part, to the lack of proper patch management and risk management.” “This vulnerability is another clear reminder of the importance of keeping systems up to date with the latest security patches while also employing strong perimeter defense,” Bitdefender researchers wrote. Other attack groups exploited the vulnerability to install ransomware known as Buhti, post-exploitation tools such as Cobalt Strike and RAT-el, and malware used for espionage. When successful, the threat actors sell the initial access to other threat groups. Some attacks exploited the vulnerability to install tools such as the command line Netcat and, from there, the Anydesk remote login software. Within a day, security firms such as Bitdefender began seeing a cluster of active attacks from multiple threat actors targeting organizations worldwide that still hadn’t installed the security update. In January, roughly two months after ManageEngine patched the vulnerability, security firm Horizon3.ai published a deep dive analysis that included proof-of-concept exploit code. (SAML, as it’s abbreviated, is an open-standard language identity providers and service providers use to exchange authentication and authorization data.) The vulnerability stems from ManageEngine's use of an outdated version of Apache Santuario for XML signature validation. Other products enabled by ManageEngine manage desktops, mobile devices, servers, applications, and service desks.ĬVE-2022-47966 allows attackers to remotely execute malicious code by issuing a standard HTTP POST request that contains a specially crafted response using the Security Assertion Markup Language. Password Manager Pro provides a centralized digital vault for storing all of a network’s password data. AD Manager Plus, for instance, helps admins set up and maintain the Active Directory, the Windows service for creating and deleting all user accounts on a network and delegating system privileges to each one. ManageEngine is the motor that powers a wide range of network management software and appliances that perform core functions. Zero-trust products don’t trust any network devices or nodes on a network and instead actively work to verify they’re safe. Some ManageEngine products and FortiNAC are billed as pilars of zero-trust, meaning they operate under the assumption a network has been breached and constantly monitor devices to ensure they’re not infected or acting maliciously. The second vulnerability, CVE-2022-39952, affects a product called FortiNAC, made by cybersecurity company Fortinet, and was patched last week. It was patched in waves from last October through November. The first, tracked as CVE-2022-47966, is a pre-authentication remote code execution vulnerability in 24 separate products from ManageEngine, a division of Zoho. The vulnerabilities both carry severity ratings of 9.8 out of a possible 10 and reside in two unrelated products crucial in securing large networks. Organizations around the world are once again learning the risks of not installing security updates as multiple threat actors race to exploit two recently patched vulnerabilities that allow them to infect some of the most critical parts of a protected network.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |