#FBI- #CISA- #CGCYBER Advisory on APT Exploitation of ManageEngine #ADSelfService Plus Vulnerability

Read Time48 Second

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

09/16/2021 12:14 PM EDT

 

Original release date: September 16, 2021
The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.

CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.

About Post Author

Robert Williams

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: