Press Release

CVE-2021-44515: ZoHo Patches ManageEngine Zero-Day Exploited in the Wild

ZoHo has released patches for an authentication bypass vulnerability that could lead to remote code execution and has been exploited in the wild. In addition, a patch was released for CVE-2021-44526, another authentication bypass vulnerability in ServiceDesk Plus, a help desk and asset management application. This follows months of reports and alerts regarding active exploitation of two other vulnerabilities in ManageEngine products, CVE-2021-44077 and CVE-2021-40539. The attacks exploiting these vulnerabilities have been linked to advanced persistent threat (APT) groups.

Analysing the vulnerability in depth, Tenable’s Senior Research Engineer, Claire Tills, says:

“Over recent months, ManageEngine has been targeted in campaigns from multiple threat groups. According to ZoHo, CVE-2021-44515 has been exploited in the wild as a zero-day, making this the third vulnerability this year in ManageEngine to be adopted by threat actors. It’s common to see these sorts of pile-ons after a product has been leveraged in publicized attacks; once it is known that a product or service is vulnerable, threat actors often put it under a microscope to find additional avenues of attack.” — Claire Tills, Senior Research Engineer, Tenable

To find out more about the patch, see Tenable’s detailed analysis.
