Skip to main content

Zoho ManageEngine ServiceDesk Plus & Desktop Central remote code execution vulnerabilities

Vulnerabilities have been identified in certain versions of Zoho ManageEngine ServiceDesk Plus and Desktop Central product suites. Australian organisations using vulnerable Zoho ManageEngine products should apply the available patch.

Alert status

Background /What has happened?

Malicious actors have attempted to use Zoho ManageEngine vulnerabilities in the past to target Australian organisations.

On the 2nd of December 2021, CISA and the FBI released a joint Cybersecurity advisory identifying active exploitation of the Zoho ManageEngine ServiceDesk Plus product suite.

Zoho ManageEngine identified active exploitation of their Desktop Central product suite on the 3rd of December 2021 in an advisory.

A patch already exists for the ServiceDesk Plus product suite due to an existing authentication bypass vulnerability that was made known and patchable on the 17th of September 2021 via a Zoho ManageEngine advisory.

Mitigation / How do I stay secure?

Australian organisations who utilise Zoho ManageEngine products should review Zoho’s ManageEngine’s security advisories below for a list of specific vulnerable products and versions.

Affected organisations should then review their patch status and update to the latest available version.

Additionally, Australian organisations using vulnerable Zoho ManageEngine products should make use of the Zoho ManageEngine exploit detection tool.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).

Content complexity
This rating relates to the complexity of the advice and information provided on the page.
Was this information helpful?
Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it