Weaponized ManageEngine flaw poses ‘serious risk’ to high-profile US targets – CISA

Cyber-attackers have begun exploiting a newly discovered security vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on package from Zoho.

A run of attacks exploiting CVE-2021-40539 has prompted the US Cybersecurity and Infrastructure Security Agency (CISA), the US Coast Guard Cyber Command (CGCYBER), and the FBI to issue a joint alert urging enterprises to apply the recently released patches.

CVE-2021-40539 is a critical authentication bypass affecting the product's REST API URLs that, in the alert's words, "could enable remote code execution".

Echoes of SolarWinds

Worse yet, the flaw in ManageEngine ADSelfService Plus poses a "serious risk to critical infrastructure companies", not least because this sort of vulnerability is fodder for well-resourced state-sponsored attackers.

Although the CISA alert does not say so explicitly, the agency is evidently concerned that the vulnerability could do damage comparable to the infamous 2019-20 SolarWinds Orion compromise.

The SolarWinds incident was a supply chain attack ultimately aimed at US government agencies and attributed to Russian government-backed attackers.

The CISA alert makes it clear that attacks based on the recently discovered ManageEngine vulnerability are already taking place across multiple targets in many sensitive industries:

APT cyber actors have targeted academic institutions, defense contractors, and critical infrastructure entities in multiple industry sectors – including transportation, IT, manufacturing, communications, logistics, and finance. Illicitly obtained access and information may disrupt company operations and subvert US research in multiple sectors.

The route to attack is already tried and tested. “Successful compromise of ManageEngine ADSelfService Plus, via exploitation of CVE-2021-40539, allows the attacker to upload a .zip file containing a JavaServer Pages (JSP) webshell masquerading as an x509 certificate: service.cer.

“Subsequent requests are then made to different API endpoints to further exploit the victim’s system,” CISA added.

Successful exploitation leaves the attacker with a webshell on the server, opening the door to compromising administrator credentials, moving laterally across the network, and stealing system files, among other post-exploitation activity.

Zoho, the firm that develops and markets ManageEngine technology, released the fixed build on September 6, 2021.

Enterprise users should triage systems running the platform and upgrade to ADSelfService Plus build 6114 or later. Where patching is not immediately possible, earlier builds should be kept off the internet and checked for indicators of compromise.

The CISA alert offers a rundown on indications of compromise and other information designed to help sysadmins.
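As an added triage example (not part of the original article, and not Zoho's or CISA's own tooling), the following Python sketches the two checks the paragraphs above call for: flagging an ADSelfService Plus build older than the fixed build 6114, and flagging a file with a certificate extension, such as the service.cer CISA describes, whose content is JSP rather than PEM or DER certificate data. The sample file contents, the list of JSP markers and extra certificate extensions, and the `scan_directory` helper are assumptions constructed for the example; the on-disk location where a real installation stores uploaded files is not given on this page and is left for the reader to supply.

```python
"""Added triage helpers for the CVE-2021-40539 pattern described in the article.

Check 1: is the ADSelfService Plus build below the fixed build 6114?
Check 2: does a file with a certificate extension (e.g. service.cer) actually
         contain JSP, i.e. the content/extension mismatch CISA describes?
All sample data below is constructed for this example.
"""
import re
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

FIXED_BUILD = 6114  # Zoho's fixed build, per the CISA alert quoted in the article

# The article names only .cer; the other extensions are an assumption so the
# sweep also covers common certificate file names.
CERT_EXTENSIONS = (".cer", ".crt", ".pem", ".der")

# Tokens that never occur in PEM/DER certificate data but do in JSP source.
# This list is an assumption for the example, not CISA's indicator list.
JSP_MARKERS = (b"<%", b"<jsp:", b"Runtime.getRuntime(", b"ProcessBuilder(")

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
DER_SEQUENCE_TAG = 0x30  # every DER-encoded X.509 certificate opens with SEQUENCE


def build_is_vulnerable(build: str) -> bool:
    """True for builds below 6114; 6114 and later carry the fix."""
    match = re.fullmatch(r"\s*(\d{4,5})\s*", build)
    if not match:
        raise ValueError(f"unrecognised build string: {build!r}")
    return int(match.group(1)) < FIXED_BUILD


def looks_like_certificate(data: bytes) -> bool:
    """Accept PEM (text header) or DER (leading SEQUENCE tag) at a glance."""
    stripped = data.lstrip()
    if stripped.startswith(PEM_HEADER):
        return True
    return len(stripped) >= 2 and stripped[0] == DER_SEQUENCE_TAG


def looks_like_jsp(data: bytes) -> bool:
    return any(marker in data for marker in JSP_MARKERS)


def classify_cert_file(name: str, data: bytes) -> str:
    """'webshell' (JSP inside a cert-named file), 'ok', 'suspicious' or 'skipped'."""
    if not name.lower().endswith(CERT_EXTENSIONS):
        return "skipped"            # not claiming to be a certificate
    if looks_like_jsp(data):
        return "webshell"           # the service.cer masquerade from the article
    if looks_like_certificate(data):
        return "ok"
    return "suspicious"             # neither certificate nor JSP: look manually


def triage(build: str, files: Iterable[Tuple[str, bytes]]) -> Dict[str, object]:
    """Combine the build check with a sweep over (name, content) pairs."""
    webshells: List[str] = []
    suspicious: List[str] = []
    for name, data in files:
        verdict = classify_cert_file(name, data)
        if verdict == "webshell":
            webshells.append(name)
        elif verdict == "suspicious":
            suspicious.append(name)
    return {"vulnerable_build": build_is_vulnerable(build),
            "webshells": webshells, "suspicious": suspicious}


def scan_directory(root: str) -> Iterable[Tuple[str, bytes]]:
    """Yield (relative name, first 64 KiB) for each file under root.

    Which directory of a real installation receives uploads is not stated on
    this page; the caller supplies the path (assumption).
    """
    for path in Path(root).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                yield str(path.relative_to(root)), fh.read(65536)


# --- constructed sample inputs: not real certificates and not a real payload ---
SAMPLE_PEM = PEM_HEADER + b"\nMIIBszCCAVwCAQAwDQYJKoZIhvcNAQELBQAw\n-----END CERTIFICATE-----\n"
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0xB3, 0x30, 0x82, 0x01, 0x5C])
SAMPLE_WEBSHELL = (b'<%@ page import="java.io.*" %>\n'
                   b"<% /* constructed placeholder standing in for a JSP webshell */ %>\n")
SAMPLE_FILES = [
    ("certs/ca.cer", SAMPLE_PEM),
    ("certs/intermediate.der", SAMPLE_DER),
    ("uploads/service.cer", SAMPLE_WEBSHELL),      # JSP hiding behind a .cer name
    ("uploads/notes.cer", b"not a certificate at all\n"),
]

if __name__ == "__main__":
    for key, value in triage("6113", SAMPLE_FILES).items():
        print(f"{key}: {value}")
```

To run it against a real host, replace `SAMPLE_FILES` with `scan_directory(<path under the web root>)` and pass the build number shown in the product's About page. A "webshell" verdict is the content/extension mismatch CISA describes, and a vulnerable build combined with any such file should be handled as a suspected compromise rather than merely an unpatched server.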

Source: https://portswigger.net/daily-swig/weaponized-manageengine-flaw-poses-serious-risk-to-high-profile-us-targets-cisa

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO