Zoho addressed a critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform. Successful exploitation could result in remote code execution. There are over 2,000 ADSelfService Plus systems publicly accessible in the last several years, including 49 in India. Organisations are urged to apply patches immediately.
Below is a comment from Satnam Narang, staff research engineer, Tenable
“Zoho published a security advisory to address a critical authentication bypass vulnerability in its ADSelfService Plus solution that has been exploited in the wild as a zero-day. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to vulnerable REST API URL endpoints. Successful exploitation would result in remote code execution.
“Because ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps, an attacker that is able to exploit this vulnerability can leverage it to gain further foothold into an organisation.
“At the present moment, some research on ZoomEye suggests that there were over 2,000 ADSelfService Plus systems publicly accessible in the last several years, including 42 in Australia and 49 in India.
“It is important for organisations to apply the available patch immediately.” — Satnam Narang, staff research engineer, Tenable