CISA adds Zoho Manage Engine vulnerability to KEV catalog
Nucleus Security researchers on Friday published a blog post explaining how the Zoho ManageEngine vulnerability discovered earlier this month was elevated and added to the US Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities (KEV) catalog.

Ryan Cribelar, the vulnerability research engineer at Nucleus Security who published the post, said CISA added CVE-2022-35405 on Thursday, once the agency determined there was enough evidence that the vulnerability was indeed being exploited in the wild.

Alvaro Muñoz, a security researcher at GitHub, wrote in a blog post on September 9 that CVE-2022-35405 could allow arbitrary code execution on vulnerable installations of ManageEngine's Password Manager Pro, PAM360 access management tool, and Access Manager Plus. In the post, Muñoz explained that the vulnerability stems from a vulnerable version of Apache OFBiz (CVE-2020-9496), an open-source, Java-based enterprise resource planning system.

Muñoz reported CVE-2022-35405 to ManageEngine on June 21, and the report was acknowledged the same day. ManageEngine fixed the issue in a new release three days later. MITRE then assigned CVE-2022-35405 on July 11.

Bud Broomhead, Managing Director of Viakoo, highlighted three challenges that the Zoho ManageEngine vulnerability presents to security teams:

The first is the race against time. Now that this vulnerability is part of CISA's KEV catalog, and because checking whether a system has been compromised is a manual process, this vulnerability will remain exploitable longer than one that can be automatically detected and patched.

Second, Broomhead said that while the recommended action is to take a compromised system offline and isolate it, the business impact should be assessed before doing so.

Finally, as is often the case with cloud applications, the affected products rely on open source software. The open source vulnerability on which this exploit is based was discovered in 2020 and could still be actively used in exploits against other applications. Broomhead said this falls under supply chain risk, and that to minimize these threats organizations should work with suppliers to ensure they comply with SOC 2 and other security standards and can provide a software bill of materials (SBOM), specifically covering their use of open source software.

“Security teams need to take advantage of automated solutions (especially discovery and remediation) due to the urgency of stopping remote code execution by a malicious actor in their environment,” Broomhead said. “Especially when the applications concerned (password and access management) are linked to identity management and authentication; moving to zero-trust architectures will help minimize the impact of identity management breaches.”
