25 matches found
Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution
Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. id: CVE-2021-40539 info: name: Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution author:...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vuln...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vulner...
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. The findings come from CrowdStrike, which is...
Joint Advisory AA22-279A and Vulristics
Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans cant just release a list...
The top 5 most routinely exploited vulnerabilities of 2021
A joint Cybersecurity Advisory, coauthored by cybersecurity authorities of the United States CISA, NSA, and FBI, Australia ACSC, Canada CCCS, New Zealand NZ NCSC, and the United Kingdom NCSC-UK has detailed the top 15 Common Vulnerabilities and Exposures CVEs routinely exploited by malicious cybe...
Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central
Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of...
Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks
Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus CVE-2021-40539', 'Description' = %q This module exploits CVE-2021-40539, a REST API authentication bypass...
Metasploit Wrap-Up
Self-Service Remote Code Execution This week, our own @wvu-r7 added an exploit module that achieves unauthenticated remote code execution in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution for Active Directory. This new module leverages a REST API...
ManageEngine ADSelfService Plus CVE-2021-40539
This module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service. Module Options msf use...
APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the...
Zoho ManageEngine ADSelfService Plus Authentication Bypass (CVE-2021-40539)
An authentication bypass vulnerability exists in Zoho ManageEngine ADSelfService Plus. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs
Over the weekend of November 6, 2021, Rapid7’s Incident Response IR and Managed Detection and Response MDR teams began seeing opportunistic exploitation of two unrelated CVEs: CVE-2021-40539, a REST API authentication bypass in Zoho’s ManageEngine ADSelfService Plus product that Rapid7 has...
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...
Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...
ManageEngine ADSelfServicePlus Authentication Bypass (CVE-2021-40539)
Binary data manageengineadselfserviceplusCVE-2021-40539.nbin...
ManageEngine Log360 < Build 5229 REST API Restriction Bypass RCE
Binary data manageenginelog360cve-2021-40539.nbin...
Zoho ManageEngine Password Manager Zero-Day Gets Fix
A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users’ Active Directory AD and cloud accounts. The issue CVE-2021-40539 has been actively exploited in the wild as a zero-day,...
CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API...