Flash Notice: Zoho Manage Engine Vulnerability - Patch Now

overview

This week, Zoho disclosed a critical security vulnerability impacting some of their ManageEngine products. CVE-2022-47523 is a SQL injection vulnerability found in Password Manger Pro secure vault, Access Manager Plus privileged session management solution, and PAM360 privileged access management software.  

Zoho’s advisory stated that the vulnerability allows an attacker (with unauthenticated access) to execute custom queries and access the database table entries using the vulnerable request. The SQL injection vulnerability was found in Zoho’s internal framework. Although Zoho did not disclose specifics regarding CVE-2022-47523, the company fixed the flaw by adding proper validation and escaping special characters.  

In recent years, Zoho ManageEngine has been under constant attack. During 2020, Desktop Central was hacked, and the networks of breached organizations were being sold on dark web forums. In the fall of 2021, Chinese-linked nation-state threat actors targeted ManageEngine servers, prompting CISA and the FBI to issue joint advisories with warnings about ManageEngine exploitation.  

Zoho highly recommends that users upgrade to the latest versions of Password Manager Pro, PAM360, and Access Manager Plus by downloading the latest upgrade pack for the products. 

Avertium Recommends applying the appropriate patches for each Zoho product impacted. Please click on the following links for Zoho ManageEngine patch guidance:  

• Password Manager Pro  
• PAM360 
• Access Manger Plus 

indicators of compromise (ioCs)  

At this time, there are no known IoCs associated with CVE-2022-47523. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.  

How Avertium is Protecting Our CUSTOMERS

• Avertium recommends utilizing our service for DFIR (Digital Forensics and Incident Response) to help you rapidly assess, contain, eradicate, and recover from a security incident like a malware attack. 
• Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
• Avertium offers VMaaS to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.  
• Minimizing the impact of a successful ransomware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior.