A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform is being actively exploited in the wild as a zero-day, according to the Cybersecurity and Infrastructure Security Agency (CISA). The bug could allow remote attackers to bypass authentication and gain access to users’ Active Directory and cloud accounts. Zoho issued a patch for the critical flaw on Tuesday, and CISA warned shortly after that organizations using the Zoho platform should apply it immediately.
CISA also advised that admins should ensure their ADSelfService Plus installation is not directly accessible from the internet. ADSelfService Plus is a self-service password management and single-sign-on solution for AD and cloud applications, so an attacker who reached the platform through the flaw would gain multiple pivot points into sensitive data on mission-critical apps and other parts of the corporate network. The application is powerful and highly privileged, which makes it a convenient point of entry into a company’s network.
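CISA's second piece of advice, keeping the portal off the public internet, is something an admin can verify from an asset inventory before touching any host. The following Python script is an added example, not code from the article, Zoho, or CISA: it reads a constructed CSV-style inventory (hostnames, addresses and ports are made up for this example) and flags every ADSelfService Plus listener that is bound to all interfaces or to an address outside the organisation's own internal ranges. The internal ranges are an assumption; replace them with your own allocation.

```python
import ipaddress

# Constructed sample inventory (hostnames, addresses and ports are made up
# for this example). Format: host,product,bind_address,port
INVENTORY = """\
# host,product,bind_address,port
pwd-portal-01,ManageEngine ADSelfService Plus,10.20.4.15,8888
pwd-portal-dmz,ManageEngine ADSelfService Plus,203.0.113.40,443
pwd-portal-any,ManageEngine ADSelfService Plus,0.0.0.0,8888
ad-dc-01,Active Directory Domain Controller,10.20.1.5,389
hr-app-02,Unrelated Web App,203.0.113.7,443
"""

# Assumed: the address space this hypothetical organisation treats as internal.
# We compare against an explicit list rather than ipaddress's is_private(),
# which also reports documentation ranges such as 203.0.113.0/24 as private
# and would hide the DMZ listener below.
INTERNAL_RANGES = [ipaddress.ip_network(n)
                   for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PRODUCT_MARKER = "ADSelfService Plus"


def parse_inventory(text):
    """Parse inventory lines into dicts; blank lines and '#' comments are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, product, addr, port = (f.strip() for f in line.split(","))
        records.append({"host": host, "product": product,
                        "address": ipaddress.ip_address(addr), "port": int(port)})
    return records


def is_internal(addr, internal_ranges):
    """True if the address falls inside one of the organisation's internal networks."""
    return any(addr in net for net in internal_ranges)


def exposure_reason(record, internal_ranges):
    """Return None if the listener looks internal-only, otherwise a short reason."""
    addr = record["address"]
    if addr.is_unspecified:
        # 0.0.0.0 (or ::) binds every interface, including any public-facing one
        return "binds all interfaces"
    if not is_internal(addr, internal_ranges):
        return "bound to an address outside the internal ranges"
    return None


def find_exposed_adselfservice(records, internal_ranges=INTERNAL_RANGES):
    """Flag ADSelfService Plus listeners that may be reachable from the internet."""
    findings = []
    for r in records:
        if PRODUCT_MARKER not in r["product"]:
            continue
        reason = exposure_reason(r, internal_ranges)
        if reason:
            findings.append({**r, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_exposed_adselfservice(parse_inventory(INVENTORY)):
        print(f"{f['host']}:{f['port']} ({f['address']}) - {f['reason']}")
```

A listener bound to an internal address can still be published by a reverse proxy or NAT rule, so treat an empty result as a reason to check the perimeter configuration next, not as proof the portal is unreachable from outside.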
Read More: Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix