CVE-2022-35405 Detection: CISA Warns of Adversaries Leveraging ManageEngine RCE Flaw

[post-views]
September 23, 2022 · 2 min read
CVE-2022-35405 Detection: CISA Warns of Adversaries Leveraging ManageEngine RCE Flaw

Shields up! On September 22, 2022, The Cybersecurity and Infrastructure Security Agency (CISA) released a directive urging all FCEB agencies to fix a flaw affecting Zoho ManageEngine products by mid-October. Indexed as CVE-2022-35405, the security issue is a critical Java deserialization flaw and is currently actively exploited in the wild.

The flaw was documented in late Summer 2022 and, according to the write-up, affects Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus solutions.

Detect CVE-2022-35405

To enable organizations to effectively defend against potential cyber-attacks exploiting the critical ManageEngine RCE flaw, utilize newly released detection content pieces enhanced with relevant contextual information, available via SOC Prime’s Cyber Threats Search Engine:

Detection content to spot CVE-2022-35405 exploitation attempts

In 2022, the number of cyber-attacks is expected to surpass prior year records. In the current avalanche of critical vulnerabilities affecting popular software products, it is vital to employ an efficient detection opt for continuously emerging exploitation attempts. To stay ahead of attackers, gear up with curated detection content and cutting-edge capabilities for enhanced cyber defense.

Explore Detections  

CVE-2022-35405 Analysis

CISA’s Known Exploited Vulnerabilities (KEV) catalog has increased by one more security issue tagged as CVE-2022-35405, now actively exploited in the wild. Successful exploit grants adversaries the ability to execute arbitrary code on a compromised device. The patches for this flaw have been available since June, so there is no time to delay fixing the issue if your organization’s affected – it is better late than never.

Striving to make your own contribution to collective industry expertise by authoring detection content? SOC Prime’s Threat Bounty Program welcomes experienced and aspiring threat hunters to share their Sigma, Snort, and YARA-based detection content in exchange for expert coaching and steady revenue.

Table of Contents

Was this article helpful?

Like and share it with your peers.
Join SOC Prime's Detection as Code platform to improve visibility into threats most relevant to your business. To help you get started and drive immediate value, book a meeting now with SOC Prime experts.

Related Posts