In a new joint security advisory, the FBI, CISA and Coast Guard Cyber Command (CGCYBER) warn corporate organizations that state-sponsored Advanced Persistent Threat (APT) groups are actively exploiting a critical flaw in Zoho’s software.
The vulnerability itself, tracked as CVE-2021-40539, was discovered in Zoho’s ManageEngine ADSelfService Plus software, which provides both single sign-on and password management capabilities. Exploiting this flaw could allow an attacker to take over a vulnerable system on a corporate network.
This new joint security advisory warns organizations that the security flaw in Zoho’s software is being actively exploited, following a similar warning recently issued by CISA.
In a joint security advisory with the FBI and CGCYBER, CISA provides more details about how threat actors are exploiting this vulnerability, stating:
“The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, US-cleared defense contractors, educational institutions and other entities using the software. Successful exploitation of the vulnerability allows an attacker to deploy a web shell, which enables the attacker to perform post-exploitation activities such as compromising administrator credentials, lateral movement, and theft of registry hives or Active Directory files.”
An attacker could exploit the ManageEngine ADSelfService Plus authentication bypass vulnerability to deploy a Java Server Pages (JSP) web shell disguised as an X.509 certificate.
By deploying this web shell, an attacker can use Windows Management Instrumentation (WMI) to traverse an organization’s network, gain access to a domain controller, and dump the NTDS.dit file and the Security/System registry hives, Bleeping Computer reports.
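The advisory’s key detection clue is that the web shell is JSP source stored under a certificate file name. The following script is an added example written for this article, not code from the advisory or from Zoho: it walks a directory tree (a constructed temporary one here; the real ADSelfService Plus install path is an assumption the reader must supply) and flags any file with a certificate extension whose bytes are neither PEM armor nor an ASN.1 DER sequence, or that contain JSP markup. The sample “web shell” it creates is a harmless placeholder.

```python
import os
import re
import tempfile
from pathlib import Path

# File extensions an X.509 certificate is normally stored under.
CERT_EXTENSIONS = {".cer", ".crt", ".pem", ".der"}

# Markers of JSP source: scriptlet/directive/expression tags and JSP actions.
JSP_MARKERS = re.compile(rb"<%[@!=]?|<jsp:", re.IGNORECASE)


def looks_like_certificate(data: bytes) -> bool:
    """Return True if the bytes plausibly encode an X.509 certificate.

    PEM certificates start with a '-----BEGIN' armor line; DER certificates
    start with an ASN.1 SEQUENCE tag (0x30). Anything else stored under a
    certificate extension deserves a closer look.
    """
    stripped = data.lstrip()
    if stripped.startswith(b"-----BEGIN "):
        return True
    return len(stripped) > 0 and stripped[0] == 0x30


def classify_file(path) -> str:
    """Classify one file as 'ok', 'jsp_in_cert' or 'not_a_cert'."""
    data = Path(path).read_bytes()
    if JSP_MARKERS.search(data):
        return "jsp_in_cert"
    if looks_like_certificate(data):
        return "ok"
    return "not_a_cert"


def scan_for_disguised_webshells(root) -> dict:
    """Walk `root` and return {path: verdict} for every certificate-named
    file that does not look like a certificate."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() not in CERT_EXTENSIONS:
                continue  # only certificate-named files are in scope
            verdict = classify_file(p)
            if verdict != "ok":
                findings[str(p)] = verdict
    return findings


def scan_summary(root) -> dict:
    """Same findings keyed by bare file name, for readable reports."""
    return {os.path.basename(p): v
            for p, v in scan_for_disguised_webshells(root).items()}


def build_sample_tree() -> str:
    """Create a constructed directory for demonstration: a benign PEM cert,
    a DER-looking cert, an empty .crt, a JSP placeholder disguised as .cer,
    and a .txt with JSP markup that is out of scope by extension."""
    root = tempfile.mkdtemp(prefix="cert_scan_")
    (Path(root) / "good.pem").write_bytes(
        b"-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n"
        b"-----END CERTIFICATE-----\n")
    (Path(root) / "good.der").write_bytes(b"\x30\x82\x01\x0a" + b"\x00" * 16)
    (Path(root) / "empty.crt").write_bytes(b"")
    (Path(root) / "custom.cer").write_bytes(
        b'<%@ page import="java.util.*" %>\n<% out.println("placeholder"); %>\n')
    (Path(root) / "notes.txt").write_bytes(b"<% not a cert extension %>")
    return root


if __name__ == "__main__":
    # Swap the constructed tree for the real ADSelfService Plus
    # install directory (path is an assumption; see lead-in).
    for name, verdict in scan_summary(build_sample_tree()).items():
        print(f"{verdict:12s} {name}")
```

The check is deliberately conservative: it never parses the certificate, only asks whether the file could be one, so a legitimate certificate in an unusual encoding shows up as `not_a_cert` for a human to review rather than being silently accepted.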
It is noteworthy that the APT group actively exploiting this vulnerability in the wild has launched attacks targeting organizations in various industries, including education, defence, transportation, IT, manufacturing, telecommunications, logistics and finance.
Organizations using Zoho ManageEngine ADSelfService Plus should update their software to the latest version, which was released earlier this month and includes the patch for CVE-2021-40539. The FBI, CISA and CGCYBER also recommend that organizations ensure ADSelfService Plus is not directly accessible from the Internet, so that they do not fall prey to potential attacks that exploit this vulnerability.
Via Bleeping Computer