Users of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical remote code execution vulnerability that attackers have now started exploiting in the wild. Technical details about the flaw along with a proof-of-concept exploit was released late last week, which will allow more attackers to add this exploit to their arsenal.
“The vulnerability is easy to exploit and a good candidate for attackers to ‘spray and pray’ across the Internet,” researchers with penetration testing firm Horizon3.ai said in a blog post. “This vulnerability allows for remote code execution as NT AUTHORITYSYSTEM, essentially giving an attacker complete control over the system. If a user determines they have been compromised, additional investigation is required to determine any damage an attacker has done.”