PatchSiren cyber security CVE debrief
CVE-2022-35405 Zoho CVE debrief
CVE-2022-35405 is a Zoho ManageEngine remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-09-22. Because it is on the KEV list, defenders should treat it as an actively exploited issue and prioritize vendor-directed updates for any affected ManageEngine deployments.
- Vendor: Zoho
- Product: ManageEngine
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-09-22
- Original CVE updated: 2022-09-22
- Advisory published: 2022-09-22
- Advisory updated: 2022-09-22
Who should care
Security, IT operations, and patch management teams responsible for Zoho ManageEngine deployments should care, especially anyone tracking CISA KEV remediation requirements.
Technical summary
The supplied CISA KEV entry identifies CVE-2022-35405 as a remote code execution vulnerability affecting multiple Zoho ManageEngine products. CISA marked it as known exploited and directed organizations to apply updates per vendor instructions. The provided corpus does not include affected version ranges, exploit mechanics, or a CVSS score.
Defensive priority
High. KEV inclusion indicates known exploitation and a remediation deadline of 2022-10-13 in the supplied timeline, so this should be prioritized ahead of non-KEV issues in the same environment.
Recommended defensive actions
- Apply vendor-recommended updates for affected Zoho ManageEngine products.
- Inventory all ManageEngine instances to confirm exposure and identify owners.
- Validate remediation against the vendor advisory linked in the KEV notes and the NVD record.
- Track the KEV due date and document closure of any affected systems.
- Monitor for signs of suspicious administrative activity or unexpected code execution on ManageEngine hosts.
Evidence notes
Evidence is limited to the supplied CISA KEV metadata and official resource links. The source explicitly labels CVE-2022-35405 as a remote code execution vulnerability in multiple Zoho ManageEngine products, notes it as known exploited, and records the required action as applying updates per vendor instructions. No CVSS score, affected-version details, or exploit narrative were included in the corpus.
Official resources
- CVE-2022-35405 CVE record: CVE.org
- CVE-2022-35405 NVD detail: NVD
- CISA Known Exploited Vulnerabilities catalog: CISA - Apply updates per vendor instructions.
- Source item URL: cisa_kev
CISA published this CVE in the Known Exploited Vulnerabilities catalog on 2022-09-22. The supplied timeline sets the KEV due date at 2022-10-13. No additional disclosure details were present in the provided corpus.