
Common Vulnerabilities and Exposures – October 2022

Critical Zoho ManageEngine RCE Vulnerability

On the 22nd September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to its Known Exploited Vulnerabilities catalog. The vulnerability has a CVSS score of 9.8. It is a Java deserialisation flaw that allows an unauthenticated attacker to send a specially crafted XML-RPC request and execute remote code as SYSTEM, giving the attacker elevated privileges on the target host.

Proof of concept (PoC) code has been publicly available online since August, as has a Metasploit module targeting this specific vulnerability. Brace168 strongly recommends patching all Zoho ManageEngine products to their most recent version as a priority.
