Skip to main content

Active Exploitation of Zoho ManageEngine RCE Vulnerability CVE-2022-35405

CISA have announced that a critical vulnerability affecting Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus is being actively exploited

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

CISA have announced that a critical vulnerability affecting Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus is being actively exploited


Threat details

Introduction

In August 2022, ManageEngine released a security update to address a critical remote code execution (RCE) vulnerability affecting their Privileged Access Management product line, which includes PAM360, Password Manager Pro, and Access Manager Plus. The vulnerability CVE-2022-35405 has a CVSSv3 score of 9.8, and could allow an unauthenticated, remote attacker to execute remote code and take control of an affected system. 

Exploitation in the wild for CVE-2022-35405

A Proof-of-Concept (PoC) was released and CISA has added this vulnerability to the Known Exploited Vulnerabilities Catalog list.


Remediation advice

Affected organisations should review ManageEngine's security advisory for PAM360, Password Manager Pro, and Access Manager Plus remote code execution vulnerability CVE-2022-35405 and apply relevant security updates.



Last edited: 23 September 2022 11:37 am