You are currently viewing Zoho Patches Critical Zero-day Flaw in its ADSelfService plus Exploited in The Wild

Zoho Patches Critical Zero-day Flaw in its ADSelfService plus Exploited in The Wild

 Zoho Patches Critical Zero-day Flaw in ADSelfService to patch a remote code execution (RCE) vulnerability existing in Zoho ADSelfService plus. The vulnerability allows the execution of unauthenticated remote arbitrary code on the affected systems. As per the alert of the US Cyber Security and Infrastructure Security Agency (CISA), the vulnerability has been exploited in the wild.


Vulnerability Details

  • CVE-2021-40539: A remote code execution vulnerability exists in ADSelfService plus of Zoho

The flaw is assigned with the identifier CVE-2021-40539. The severity score is not yet calculated by NIST but is considered as Critical as it allows unauthenticated RCE on systems with vulnerable ADSelfService plus.

The vulnerability can be triggered by sending a specially crafted request to the REST API endpoint of ADSelfService plus. As a result, an attacker can perform unauthenticated RCE on the affected systems.


Way to Identify if the installation is affected

As per the advisory of Zoho Corp, look for access log entries with the following strings in \ManageEngine\ADSelfService Plus\log folder:

  1. /RestAPI/LogonCustomization
  2. /RestAPI/Connection

The system is affected if any of these entries are present in the logs


Affected Versions

Zoho ADSelfService plus versions before 6114.


Solution

Zoho Patches Critical Zero-day Flaw in ADSelfService in version 6114 or later.

The vulnerable versions of ADSelfService plus are advised to be updated to the latest available release.

5 1 vote
Article Rating
Subscribe
Notify of

0 Comments
Inline Feedbacks
View all comments