Australian Cyber Security Centre
Background /What has happened?
Malicious actors have attempted to use Zoho ManageEngine vulnerabilities (CVE-2021-44077) to target Australian organisations.
On the 2nd of December 2021, CISA and the FBI released a joint Cybersecurity advisory identifying active exploitation of the vulnerability.
A patch already exists for this vulnerability due to an existing Zoho ManageEngine authentication bypass vulnerability that was made known and patchable on the 16th of September 2021.
/Public Release. This material from the originating organization/author(s) may be of a point-in-time nature, edited for clarity, style and length. The views and opinions expressed are those of the author(s).View in full here.
