Weaponizing of CVE-2022-47966 Vulnerability Detected

February 23, 2023

Since January 20, 2023, multiple threat actors have been observed weaponizing CVE-2022-47966, a now-patched critical security vulnerability impacting several Zoho ManageEngine products. The remote code execution flaw allows unauthenticated attackers to take over susceptible systems completely, and 24 different products are affected. According to Bitdefender's Martin Zugec, the exploitation efforts are said to have commenced the day after a proof-of-concept (PoC) was released last month.

Attackers have been observed deploying tools such as Netcat and Cobalt Strike Beacon, as well as AnyDesk software for remote access, and even attempting to install a Windows version of a ransomware strain known as Buhti.

Zugec said, "This vulnerability is another clear reminder of the importance of keeping systems up to date with the latest security patches while also employing strong perimeter defense. Attackers don't need to scour for new exploits or novel techniques when they know that many organizations are vulnerable to older exploits due, in part, to the lack of proper patch management and risk management."

A majority of the attack victims are located in Australia, Canada, Italy, Mexico, the Netherlands, Nigeria, Ukraine, the U.K., and the U.S.
