urlscan.io logo urlscan.io
SecurityTrails logo

us-cert.cisa.gov Open in urlscan Pro
2a02:26f0:fb:5b4::447a  Public Scan

Back to summary
Submitted URL: https://protect-us.mimecast.com/s/UtjvCVOy89hx54KEuGBo5Y?domain=us-cert.cisa.gov
Effective URL: https://us-cert.cisa.gov/ncas/current-activity/2021/09/16/fbi-cisa-cgcyber-advisory-apt-exploitation-manageengine
Submission: On September 16 via api from US — Scanned from DE

Form analysis 3 forms found in the DOM

GET https://search.us-cert.gov/search

<form accept-charset="UTF-8" action="https://search.us-cert.gov/search" class="hidden-xs searchbox" method="get"><input name="utf8" type="hidden" value="✓"><input id="affiliate-desktop" name="affiliate" type="hidden" value="us-cert">
  <div class="form-group"><label class="sr-only" for="query-desktop">Enter Search Terms(s):</label>
    <div class="input-group"><input autocomplete="off" class="form-control form-control-custom input-lg" id="query-desktop" name="query" placeholder="Search" type="text">
      <div class="input-group-addon input-group-addon-custom"><button class="submit input-lg"><img alt="search icon" data-entity-type="" data-entity-uuid="" src="/sites/default/files/cert/search-icon.png" title="search icon"></button></div>
    </div>
  </div>
</form>

GET https://search.us-cert.gov/search

<form accept-charset="UTF-8" action="https://search.us-cert.gov/search" class="hidden-lg hidden-md searchbox" method="get"><input name="utf8" type="hidden" value="✓"><input id="affiliate-mobile" name="affiliate" type="hidden" value="us-cert">
  <div class="form-group"><label class="sr-only" for="query-mobile">Enter Search Terms(s):</label>
    <div class="input-group"><input autocomplete="off" class="form-control form-control-custom input-lg" id="query-mobile" name="query" placeholder="Search" type="text">
      <div class="input-group-addon input-group-addon-custom"><button class="submit input-lg"><img alt="search icon" data-entity-type="" data-entity-uuid="" src="/sites/default/files/cert/search-icon.png" title="search icon"></button></div>
    </div>
  </div>
</form>

https://public.govdelivery.com/accounts/USDHSCISA/subscribers/qualify

<form action="https://public.govdelivery.com/accounts/USDHSCISA/subscribers/qualify"><label class="visually-hidden" for="email-address-field">Enter your email address</label> <input class="signup-form" id="email-address-field" name="email"
    placeholder=" Enter your email address" title="Enter your email address" type="text"><br><input class="btn btn-primary" name="submit" title="Sign up for alerts" type="submit" value="Sign Up">&nbsp;</form>

Text Content

Skip to main content

An official website of the United States government Here's how you know

Official websites use .gov
A .gov website belongs to an official government organization in the United
States.
Secure .gov websites use HTTPS A lock () or https:// means you've safely
connected to the .gov website. Share sensitive information only on official,
secure websites.
Enter Search Terms(s):

ServicesReport

--------------------------------------------------------------------------------

Toggle navigation

Enter Search Terms(s):

Services
Report


CERTMAIN MENU

 * Alerts and Tips
 * Resources
 * Industrial Control Systems
 * Report

--------------------------------------------------------------------------------


TLP:WHITE
TLP:WHITE
 1. National Cyber Awareness System    >
 2. Current Activity    >
 3. FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService
    Plus Vulnerability


FBI-CISA-CGCYBER ADVISORY ON APT EXPLOITATION OF MANAGEENGINE ADSELFSERVICE PLUS
VULNERABILITY

Original release date: September 16, 2021


The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command
(CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the
active exploitation of an authentication bypass vulnerability (CVE-2021-40539)
in Zoho ManageEngine ADSelfService Plus—a self-service password management and
single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced
persistent threat (APT) cyber actors are likely among those exploiting the
vulnerability. The exploitation of this vulnerability poses a serious risk to
critical infrastructure companies, U.S.-cleared defense contractors, academic
institutions, and other entities that use the software.

CISA strongly encourages users and administrators to review Joint
FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in
ManageEngine ADSelfService Plus and immediately implement the recommended
mitigations, which include updating to ManageEngine ADSelfService Plus build
6114(link is external).

This product is provided subject to this Notification and this Privacy & Use
policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.


LATEST ALERTS

 * APT Actors Exploiting Newly Identified Vulnerability in ManageEngine
   ADSelfService Plus
   Thursday, September 16, 2021
 * Ransomware Awareness for Holidays and Weekends
   Tuesday, August 31, 2021
 * BadAlloc Vulnerability Affecting BlackBerry QNX RTOS
   Tuesday, August 17, 2021

More Alerts »


RECENT VULNERABILITIES

 * VU#131152: Microsoft Windows Print Spooler Point and Print allows
   installation of arbitrary queue-specific files
   Tuesday, September 14, 2021 at 6:44 PM
 * VU#914124: Arcadyan-based routers and modems vulnerable to authentication
   bypass
   Monday, September 6, 2021 at 12:12 PM
 * VU#799380: Devices supporting Bluetooth Core and Mesh Specifications are
   vulnerable to impersonation attacks and AuthValue disclosure
   Wednesday, September 1, 2021 at 12:21 PM
 * VU#405600: Microsoft Windows Active Directory Certificate Services can allow
   for AD compromise via PetitPotam NTLM relay attacks
   Tuesday, August 17, 2021 at 3:32 PM
 * VU#357312: HTTP Request Smuggling in Web Proxies
   Thursday, August 12, 2021 at 7:33 AM

More Vulnerability Notes »


CONTACT US

(888)282-0870

Send us email(link sends email)

Download PGP/GPG keys

Submit website feedback


SUBSCRIBE TO ALERTS

Receive security alerts, tips, and other updates.

Enter your email address
 


HSIN
Report

--------------------------------------------------------------------------------

Home   Site Map   FAQ   Contact Us   Traffic Light Protocol   PCII  
Accountability   Disclaimer   Privacy Policy   FOIA   No Fear Act  
AccessibilityPlain WritingPlug-ins   Inspector General   The White House  
USA.gov
 

CISA is part of the Department of Homeland Security