Security Researchers: Pre-authentication RCE vulnerability in Zoho ManageEngine

Security Researchers: Pre-authentication RCE vulnerability in Zoho ManageEngine

Sharing is caring!

Security researchers have issued a warning about the Pre-authentication RCE Vulnerability, CVE-2022-47966, in Zoho ManageEngine, which is likely to lead to ‘Spray and pray’ attacks across the internet. 

The RCE Vulnerability includes ServiceDesk Plus 14003 and Endpoint Central 10.1.2228.10.

Several Zoho ManageEngine products are affected by this vulnerability, patched by Zoho last November, and can be exploited over the internet if SAML single sign-on is enabled.

Enterprises hugely use ManageEngine products to perform the business functions such as identity management, authorization, authentication, and more. According to Zoho, ManageEngine is used by 280,000 organizations in 190 countries.

As a result, a vulnerability like this poses a critical security risk to organizations, allowing attackers to gain initial access and move laterally using highly privileged credentials. says, “Once an attacker has SYSTEM level access to the endpoint, attackers are likely to begin dumping credentials via LSASS or leverage existing public tooling to access stored application credentials to conduct lateral movement.”

As per Shodan data, ManageEngine products with SAML enabled are probably exposed to the internet in more than a thousand instances.

Although Zoho released the patches for the affected products in October last year, only some were patched. 

On the same, red-teamer James Horseman says, “We expect some ManageEngine clients to have already patched, but given how slow enterprise patch cycles can be, we expect that there are many who have not yet patched.”

James continues to say that while SAML is not currently enabled, the vulnerability can still be exploited if it was enabled at some point in the past. It will be best to patch all the affected products soon.

To stay updated with similar helpful information about day-to-day technology, follow us on our different social media platforms YouTube, LinkedIn, Facebook, Twitter, and Instagram.


Sachin Arora

Scrum Master and Principal Solutions Architect
"Sachin, a renowned Scrum Master and Principal Solutions Architect at Cloud Analogy, has rich experience when it comes to working on process improvement in a fast-paced environment maintaining high level of quality in all deliverables. Well known in the industry circles for his systematic approach to work and humbleness, Sachin has the ability to oversee, manage multiple projects simultaneously besides documenting and analyzing client requirement and defining a clear scope with appropriate timelines. He has a knack of handling critical escalations and possesses excellent interpersonal skills with demonstrated ability to work in a multicultural, multi-ethnic environment and to maintain effective working relations. Sachin's expertise lies in varied hardware and software environments including Cloud technologies such as Salesforce, AWS, Cloud Foundry & Google App Engine and Mobile. Sachin is always proactively dedicated to his craft and very hard working for his clients. A true professional in every sense of the word! A very grounded personality enables him to lead teams effectively and be of value to all in his network. Sachin has an eye for detail and know how to get things done with the big picture always in his mind."

Close Menu
× How can I help you?