Proof-of-Concept Released for Zoho ManageEngine RCE vulnerability (CVE-2022-47966)

UPDATE 04/22/2023: Updated Appendix for Outbreak Alert. Added reference to CVE-2022-47966 being leveraged by a subgroup of the Mint Sandstorm APT.FortiGuard Labs is aware of a report that Proof-of-Concept code for a critical Zoho ManageEngine RCE vulnerability is actively exploited was released to the public. Patched in October and November, 2022, the vulnerability affects multiple on-premise ManageEngine products and allows attackers to perform remote code execution with SYSTEM level privileges.Why is this Significant?Although a patch is available for the Zoho …

actively exploited alert apt attackers aware code code execution concept critical cve cve-2022-47966 exploited labs manageengine mint mint sandstorm november october outbreak patch premise privileges products proof-of-concept public rce reference remote code remote code execution report sandstorm system update vulnerability zoho zoho manageengine