[German]The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that hackers are exploiting a critical vulnerability in Zoho's password management solution ManageEngine ADSelfService Plus. The vulnerability allows attackers to take control of the system. The vendor has provided a security update to close the vulnerability.
Advertising
Zoho Corporation is an Indian multinational technology company that makes web-based business tools. It is best known for its Zoho online office suite.
Vulnerability CVE-2021-40539
Security vendor Tenable pointed me in an email to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warning. The CVE-2021-40539 vulnerability exists in Zoho ManageEngine ADSelfService Plus build 6113 and lower. Attacks via exploits have since been discovered in the wild. Zoho has now patched this vulnerability.
Zoho has released a security advisory to fix the critical authentication bypass vulnerability in its ADSelfService Plus solution. This has already been exploited in zero-day attacks in the field. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable REST API URL endpoints. Successful exploitation would result in remote code execution.
Since ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps, an attacker exploiting this vulnerability could use it to further penetrate an organization. Currently, research on ZoomEye indicates that over 2,000 ADSelfService Plus systems have been publicly exposed in recent years, including over 700 in the U.S., 251 in the U.K. and many more in other countries within and outside of Europe. It is important for companies to apply the available patch immediately, Tenable writes. Some details may also be read at Bleeping Computer.
