Hackers are compromising vulnerable ManageEngine Desktop Central instances
2020-03-10 11:22

ManageEngine Desktop Central is developed by ManageEngine, a division of Zoho Corporation, a software development company that focuses on web-based business tools and information technology.

CVE-2020-10189 is a deserialization of untrusted data vulnerability that allows unauthenticated, remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central and achieve SYSTEM/root privileges.

Nate Warfield, senior security program manager at Microsoft, used the Shodan search engine to find some 2,300 publicly accessible Desktop Central instances.

Since the solution is often used by managed service providers, compromised Desktop Central instances could result in the simultaneous compromise of many client organizations' endpoints and, through them, networks.

Organizations that use ManageEngine Desktop Central should upgrade to a safe version as soon as possible.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/40luL74GVkw/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-03-06 | CVE-2020-10189 | Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central. Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. (network, low complexity, zohocorp, CWE-502) | critical 9.8

Related vendor

LAST 12M
VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Manageengine | 9 | 0 | 3 | 4 | 3 | 10