Australian Cyber Security Centre
Background /What has happened?
Malicious actors have attempted to use Zoho ManageEngine vulnerabilities (CVE-2021-44077) to target Australian organisations.
On the 2nd of December 2021, CISA and the FBI released a joint Cybersecurity advisory identifying active exploitation of the vulnerability.
A patch already exists for this vulnerability due to an existing Zoho ManageEngine authentication bypass vulnerability that was made known and patchable on the 16th of September 2021.
/Public Release. View in full here.
