Common Vulnerabilities and Exposures – October 2022

Critical Zoho ManageEngine RCE Vulnerability

On 22 September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to its Known Exploited Vulnerabilities catalog. The vulnerability has a CVSS score of 9.8 and stems from a Java deserialisation flaw: an unauthenticated attacker can send a specially crafted XML-RPC request to execute code remotely as SYSTEM. An attacker can use it to gain elevated privileges on a target host.

Proof of concept (PoC) code has been publicly available online since August, as has a Metasploit module targeting this specific vulnerability. Brace168 strongly recommends patching all Zoho ManageEngine products to their most recent version as a priority.
