Source |
CSO |
Identifiant |
8303547 |
Date de publication |
2023-01-23 13:30:00 (vue: 2023-01-23 22:07:09) |
Titre |
Attackers exploiting critical flaw in many Zoho ManageEngine products |
Texte |
Users of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical remote code execution vulnerability that attackers have now started exploiting in the wild. Technical details about the flaw along with a proof-of-concept exploit was released late last week, which will allow more attackers to add this exploit to their arsenal."The vulnerability is easy to exploit and a good candidate for attackers to 'spray and pray' across the Internet," researchers with penetration testing firm Horizon3.ai said in a blog post. "This vulnerability allows for remote code execution as NT AUTHORITY\SYSTEM, essentially giving an attacker complete control over the system. If a user determines they have been compromised, additional investigation is required to determine any damage an attacker has done."To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
about across add additional allow allows along any applied arsenal article attacker attackers authority been blog candidate click code complete compromised concept control critical damage deployments details determine determines done easy essentially execution exploit exploiting firm flaw full giving good has have here horizon3 internet investigation last late make manageengine many more now over patches penetration please post pray premises products proof read released remote required researchers said should spray started sure system technical testing user users vulnerability week which wild will zoho |
Tags |
Vulnerability
|
Stories |
|
Notes |
★★
|
Move |
|