Vulnerability Watch

Forum Discussion

Anonymous
4 years ago

Authentication Bypass Vulnerability in ZoHo ADSelfService Plus Could Lead to Remote Code Execution (CVE-2021-40539)

ZoHo has issued an advisory for CVE-2021-40539, a critical vulnerability in REST API URLs in ADSelfService Plus. By exploiting this authentication bypass vulnerability, an attacker could achieve remote code execution and take control of affected hosts. The advisory also states that ZoHo has seen “indications of this vulnerability being exploited” in the wild. The Cybersecurity and Infrastructure Security Agency has issued an alert urging organizations to address this flaw.

ZoHo’s ManageEngine ADSelfService Plus is a password management and single sign-on solution for Active Directory. Versions up to 6113 are vulnerable to CVE-2021-40539; administrators should update to version 6114.

A list of Tenable plugins to identify this vulnerability will appear here as they’re released. We will provide updates as more information becomes available.
