Hacking Zoho: zero-day vulnerability in a business product exposes company’s customers

A cloud computing security firm has revealed the discovery of a critical zero-day vulnerability in one of the enterprise products of tech firm Zoho; according to the report, this flaw could cause problems for businesses worldwide, as threat actors could use it as an entry point to deploy ransomware attacks, among other malicious activities.

The affected product is Zoho ManageEngine Desktop Central, an endpoint management solution widely used by companies around the world to control their Internet-connected devices, such as smartphones, Linux servers, and Mac and Windows workstations.

According to the cloud computing security firm that submitted the report, this product allows system administrators to send updates and take control of devices remotely, among other tasks. Proof-of-concept exploit code was published along with the report of the flaw. The flaw allows a remote threat actor to execute arbitrary code in affected ManageEngine Desktop Central deployments. Attackers do not need to authenticate to the vulnerable system, which makes exploitation even more dangerous.

Successful exploitation would allow hackers to take full control of the product and, through it, of the linked devices.

This is not the first time that these kinds of solutions, primarily employed by IT support companies, have represented a security issue. For a couple of years, some groups of cybercriminals have been infecting target users with ransomware by exploiting this attack vector.

Cloud computing security firms, technical support and cybersecurity companies, industry, and public organizations around the world use this product, so they will be at risk until Zoho announces the release of an updated version or security patch. It is not yet clear when a mitigation will be ready, so companies should remain alert to any anomalous activity on their networks.

According to the International Institute of Cyber Security (IICS), there are at least 2,300 servers exposed on the Internet that use this Zoho product, so it is essential that the company updates as soon as possible.