Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration
Joint Review of Protection System Commissioning Programs
July 5, 2022Violation of FAC-008-3 R6 and FAC-009-1 R1 Results in $210,000 Penalty
July 5, 2022
Summary:
There is a vulnerability in Zoho’s compliance tool, ManageEngine ADAudit Plus. The tool monitors changes to Microsoft Active Directory and leaves endpoints vulnerable to unauthenticated users. The vulnerability could allow an attack to take over an entire enterprise network. The tool offers a path into a company’s workstations, file serves, and overall servers. The tool allows IT admin to access a range of users, groups, permissions, and login information as well as security policies. Users can also collect security events from agents running on other machines in the domain. The platform’s ability to provide access into an internal IT ecosystem increases the potential for a high-level data exposure should a breach occur. A CVE-2022-28219 vulnerability would allow malicious users to take over a network and deploy ransomware, exfiltrate business data, or disrupt operations. They could also exploit XML External Entities, Java deserialization and cause additional problems.
