Actively exploited vulnerability

CVE-2022-47966: Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.

CISA KEV source 23 Jan 2023 added 13 Feb 2023 remediation due

Affected product

Zoho · ManageEngine

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2022-47966.

Bleeping Computer25 Aug 2023

Hackers use public ManageEngine exploit to breach internet org

The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations. [...]