Attacks on IT help desk software Zoho ManageEngine Service Desk Plus

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn of attacks on Zoho ManageEngine Service Desk Plus. Admins at companies that use the IT help desk software should install the security patch, which has been available since mid-September, as soon as possible.

The software can be used, for example, to control ticketing processes and manage projects in service portals.

According to an advisory, attackers who successfully exploit the vulnerability (CVE-2021-44077, rated "critical") could place backdoors on systems and thus capture admin credentials, for example. According to the developers, the vulnerability affects the REST API. To initiate an attack, it is said to be sufficient for attackers to upload specially crafted files. Attacks with malicious code are said to be possible remotely and without authentication.

In a detailed report, security researchers from Palo Alto Networks' Unit 42 analyze attacks by an advanced persistent threat (APT) group. According to them, 4700 instances of Service Desk Plus are globally accessible via the Internet. Around 2900 of them are said to be vulnerable. Zoho states that versions from 11306 onwards are protected against the attack described.

The developers of the software have compiled patch information for admins on a website. Among other things, a tool can be downloaded there that can be used to check whether systems have already been compromised.

