{"id":21308,"date":"2021-09-10T19:02:35","date_gmt":"2021-09-10T17:02:35","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=21308"},"modified":"2021-09-10T19:03:37","modified_gmt":"2021-09-10T17:03:37","slug":"0-day-angriff-durch-zoho-schwachstelle-patchen-ist-angesagt","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/09\/10\/0-day-angriff-durch-zoho-schwachstelle-patchen-ist-angesagt\/","title":{"rendered":"0-day attack via Zoho vulnerability; patching is required"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Security (Pexels, general use)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Security (Pexels, general use)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/09\/10\/0-day-angriff-durch-zoho-schwachstelle-patchen-ist-angesagt\/\" target=\"_blank\" rel=\"noopener\">German<\/a>] The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that hackers are exploiting a critical vulnerability in Zoho's password management solution ManageEngine ADSelfService Plus. The vulnerability allows attackers to take control of the system. The vendor has provided a security update to close the vulnerability.<\/p>\n<p><!--more--><\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Zoho_Corporation\" target=\"_blank\" rel=\"noopener\">Zoho Corporation<\/a> is an Indian multinational technology company that makes web-based business tools. It is best known for its <a href=\"https:\/\/en.wikipedia.org\/wiki\/Zoho_Office_Suite\" target=\"_blank\" rel=\"noopener\">Zoho online office suite<\/a>.<\/p>\n<h2>Vulnerability CVE-2021-40539<\/h2>\n<p>Security vendor Tenable pointed me in an email to the U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/09\/07\/zoho-releases-security-update-adselfservice-plus\" target=\"_blank\" rel=\"noopener\">warning<\/a>. The CVE-2021-40539 vulnerability exists in Zoho ManageEngine ADSelfService Plus build 6113 and lower. Exploitation of the flaw has since been observed in the wild. Zoho has now patched this vulnerability.<\/p>\n<p>Zoho has released a <a href=\"https:\/\/www.manageengine.com\/products\/self-service-password\/kb\/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html\" target=\"_blank\" rel=\"noopener\">security advisory<\/a> on fixing the critical authentication bypass vulnerability in its ADSelfService Plus solution. The vulnerability has already been exploited in zero-day attacks in the wild. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable REST API URL endpoints. Successful exploitation would result in remote code execution.<\/p>\n<p>Since ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps, an attacker exploiting this vulnerability could use it to further penetrate an organization. Currently, <a href=\"https:\/\/twitter.com\/80vul\/status\/1435993388575121412\" target=\"_blank\" rel=\"noopener\">research<\/a> on ZoomEye indicates that over 2,000 ADSelfService Plus systems have been publicly exposed in recent years, including over 700 in the U.S., 251 in the U.K. and many more in other countries within and outside of Europe. It is important for companies to apply the available patch immediately, Tenable writes. Further details are available at <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/zoho-patches-actively-exploited-critical-adselfservice-plus-bug\/\" target=\"_blank\" rel=\"noopener\">Bleeping Computer<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) warns that hackers are exploiting a critical vulnerability in Zoho's password management solution ManageEngine ADSelfService Plus. The vulnerability allows attackers to take control of the system. The vendor has provided a security &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/09\/10\/0-day-angriff-durch-zoho-schwachstelle-patchen-ist-angesagt\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547],"tags":[69,1544],"class_list":["post-21308","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-security","tag-software"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=21308"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21308\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=21308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=21308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=21308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}