Rapid7 announces the start of operation of the recently fixed critical CVE-2022-47966 in Zoho ManageEngine even before Horizon3.ai released its own PoC exploit.

The problem, considered critical, was discovered in November 2022, when Zoho announced the release of fixes for more than 20 affected local products.

However, earlier this month Horizon3.ai She warned about the presence on the Internet of at least a thousand vulnerable ManageEngine products for "spray and pray" type attacks, and only after repeated warnings presented the PoC.

As Rapid7 notes, some of the affected products, including ADSelfService Plus and ServiceDesk Plus, are very popular in the business environment.

In this regard, they are no less popular among hackers, who, as it became known during the investigation of one of the incidents, exploited CVE-2022-47966 even before the release of the PoC.

GreyNoise resellers also join the conclusions of their colleagues, who also began to record attacks using CVE-2022-47966.

Both companies recommend that organizations using any of the vulnerable ManageEngine products immediately update and check unpatched systems for signs of compromise.