Yesterday, security researchers reported a zero-day vulnerability in a Zoho enterprise product. The zero-day impacts the Zoho ManageEngine Desktop Central, an endpoint management solution. Android smartphones, Linux servers, and Mac/Windows workstations are often all controlled by Zoho ManageEngine Desktop Central. This means that the zero-day could have a large impact on companies around the world as it could serve as an entry point for threat actors seeking to infect companies with ransomware.
Security researcher Steven Seeley published details and a proof of concept demo code about the vulnerability yesterday, sting that it allows him to execute arbitrary code on affected installations of the ManageEngine Desktop Central. Seeley also reported that there is no need for authentication and the code runs with full root privileges on the machine.
Read More: Zoho zero-day published on Twitter