Zoho Patches Critical Zero-day Flaw in ADSelfService Plus
Zoho has released a patch for a remote code execution (RCE) vulnerability in Zoho ManageEngine ADSelfService Plus. The vulnerability allows unauthenticated remote execution of arbitrary code on affected systems. A vulnerability management solution can remediate this vulnerability. According to an alert from the US Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability is being exploited in the wild.
Vulnerability Details
- CVE-2021-40539: A remote code execution vulnerability exists in Zoho ADSelfService Plus
The flaw has been assigned the identifier CVE-2021-40539. NIST has not yet calculated a severity score, but the flaw is considered Critical because it allows unauthenticated RCE on systems running a vulnerable ADSelfService Plus.
The vulnerability is triggered by sending a specially crafted request to the REST API endpoint of ADSelfService Plus. As a result, an attacker can perform unauthenticated RCE on the affected systems.
How to Identify Whether an Installation Is Affected
As per the advisory from Zoho Corp, look for access log entries containing the following strings in the \ManageEngine\ADSelfService Plus\log folder:
- /RestAPI/LogonCustomization
- /RestAPI/Connection
The system is affected if any of these entries are present in the logs.
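The log check described above, as an added example that is not part of Zoho's advisory or of this article: a small Python script that scans access log lines for the two indicator strings and reports each hit with its line number. The log lines embedded in the script are constructed samples in a common web-server access-log layout; the real files in the \ManageEngine\ADSelfService Plus\log folder may use a different format, so the script only relies on the indicator strings appearing somewhere in a line. The function and variable names are the example's own.

```python
from pathlib import Path
from typing import Iterable, List

# Indicator strings listed in the Zoho advisory for CVE-2021-40539.
INDICATORS = ("/RestAPI/LogonCustomization", "/RestAPI/Connection")

# Constructed sample access-log lines (not real logs); the layout is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Sep/2021:08:15:02 +0000] "GET /authorization.do HTTP/1.1" 200 5120
10.0.0.9 - - [10/Sep/2021:08:16:11 +0000] "POST /RestAPI/LogonCustomization HTTP/1.1" 200 312
10.0.0.9 - - [10/Sep/2021:08:16:12 +0000] "POST /RestAPI/Connection HTTP/1.1" 200 188
10.0.0.5 - - [10/Sep/2021:08:17:40 +0000] "GET /ShowLogin.do HTTP/1.1" 200 4096
"""


def find_indicator_hits(lines: Iterable[str]) -> List[dict]:
    """Return one record per log line that contains any of the indicator strings.

    Matching is a plain substring test, exactly as the advisory phrases it;
    a line that somehow contains both strings is reported once, under the first match.
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        for indicator in INDICATORS:
            if indicator in line:
                hits.append({"line": lineno, "indicator": indicator,
                             "text": line.rstrip("\n")})
                break
    return hits


def is_affected(lines: Iterable[str]) -> bool:
    """True if any indicator string appears, i.e. the advisory's test is positive."""
    return bool(find_indicator_hits(lines))


def scan_log_folder(folder: Path) -> List[dict]:
    """Scan every regular file in the given log folder and tag each hit with its file."""
    results = []
    for path in sorted(folder.glob("*")):
        if not path.is_file():
            continue
        # Logs may contain non-UTF-8 bytes; replace rather than abort on them.
        with path.open("r", encoding="utf-8", errors="replace") as fh:
            for hit in find_indicator_hits(fh):
                hit["file"] = str(path)
                results.append(hit)
    return results


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # Usage: python check_adss_logs.py "C:\ManageEngine\ADSelfService Plus\log"
        found = scan_log_folder(Path(sys.argv[1]))
    else:
        found = find_indicator_hits(SAMPLE_LOG.splitlines())
    for hit in found:
        print(hit)
    print("AFFECTED: review the system per the advisory" if found
          else "no indicator strings found")
```

Run with no arguments to see it flag lines 2 and 3 of the embedded sample; pass the log folder path to scan a real installation. A hit means the endpoints were reached, which the advisory treats as a sign of compromise; the absence of hits only says nothing was logged, so it does not replace applying the patch.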
Affected Versions
Zoho ADSelfService Plus versions before 6114.
Solution
Zoho has patched this critical zero-day flaw in ADSelfService Plus version 6114 and later.
Installations running vulnerable versions of ADSelfService Plus are advised to update to the latest available release.