Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

September 23, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog.

Details of the in-the-wild exploitation of the flaw aren’t available, though data collected by GreyNoise suggests that exploitation attempts are not widespread.

About CVE-2022-35405

CVE-2022-35405 is a remote code execution vulnerability that can be exploited to execute arbitrary code on affected installations of Password Manager Pro and PAM360 without prior authentication, and on Access Manager Plus with prior authentication.

Read More on Help Net Security