Patch Now: Exploitation of Critical Vuln in Zoho ManageEngine Products

January 19th, 2023

A critical pre-authentication remote code execution vulnerability has been reported in Zoho ManageEngine (CVE-2022-47966). The vulnerability is due to the usage of an outdated third-party dependency – Apache Santuario. Rapid7 advised that exploitation was seen impacting at least 24 on-premises ManageEngine products. Horizon3.ai researchers have already created a Proof-of-Concept exploit that is publicly available.

This ManageEngine Advisory is a PATCH NOW situation. We recommend MSPs search managed environments for affected software and apply relevant updates immediately.

-Kaseya Vulnerability Management Team

Security Advisories Archives

All
2023
2022

RSS Feed

To View the RSS Feed of our advisory postings, please input this link into your feed reader.

audIT

Powered Services Pro

BMS

ConnectBooster

Datto Autotask PSA

BMS

Datto Autotask PSA

Vorex

BullPhish ID

Dark Web ID

Datto Autotask PSA

Datto Backup Appliances

Datto Backup for Microsoft Azure

Datto RMM

Datto Secure Edge

IT Glue

Managed SOC

VSA

vPenTest

Datto Backup Appliances

Unitrends Backup Appliances

Datto Backup for Microsoft Azure

Unitrends Backup for Microsoft Azure

Datto Edge Routers

Datto Secure Edge

Datto Switches

Datto WiFi

Datto Endpoint Backup with Disaster Recovery

Datto File Protection

Unitrends Endpoint Backup with Disaster Recovery

Datto RMM

VSA

Traverse

Graphus

IT Glue

MyGlue

Network Glue

Network Detective Pro

vPenTest

Datto Networking and VSA 10: Your Shortcut to Smarter Networks

What Is Allowlisting?

Automating Foundational Cybersecurity with VSA

Security Advisory

Patch Now: Exploitation of Critical Vuln in Zoho ManageEngine Products