Alert status: HIGH

Background / What has happened?

Malicious actors have attempted to use Zoho ManageEngine vulnerabilities in the past to target Australian organisations.

On the 2nd of December 2021, CISA and the FBI released a joint Cybersecurity advisory identifying active exploitation of the Zoho ManageEngine ServiceDesk Plus product suite. On the 3rd of December 2021, Zoho ManageEngine published an advisory identifying active exploitation of its Desktop Central product suite.

A patch already exists for the ServiceDesk Plus product suite, released for an existing authentication bypass vulnerability that was made known and patchable on the 17th of September 2021 via a Zoho ManageEngine advisory.

Mitigation / How do I stay secure?

Australian organisations that use Zoho ManageEngine products should review Zoho ManageEngine's security advisories below for a list of specific vulnerable products and versions.

- Zoho ManageEngine ServiceDesk Plus
- Zoho ManageEngine Desktop Central

Affected organisations should then review their patch status and update to the latest available version.

Additionally, Australian organisations using vulnerable Zoho ManageEngine products should make use of the Zoho ManageEngine exploit detection tool.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).