High
CVE-2020-15588
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2020-15588
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication.
Add Assessment
Ratings
-
Attacker ValueHigh
-
ExploitabilityVery Low
Technical Analysis
CVE-2020-15589 and CVE-2020-24397 are grouped together with this.
I want to clarify that these are client-side vulnerabilities in ManageEngine Desktop Central. Exploiting them will certainly require MITM or other control of the network.
Details and a PoC are available, so patch this immediately. Desktop Central is UEM software, and while this is a set of client-side vulns, you don’t want attackers taking advantage of such critical software.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- zohocorp
Products
- manageengine desktop central
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
