Vulnerabilities > CVE-2020-10189 - Deserialization of Untrusted Data vulnerability in Zohocorp Manageengine Desktop Central
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:48224 |
last seen | 2020-03-17 |
modified | 2020-03-17 |
published | 2020-03-17 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/48224 |
title | ManageEngine Desktop Central - Java Deserialization (Metasploit) |
Metasploit
description | This module exploits a Java deserialization vulnerability in the getChartImage() method from the FileStorage class within ManageEngine Desktop Central versions < 10.0.474. Tested against 10.0.465 x64. Quoting the vendor's advisory on fixed versions: "The short-term fix for the arbitrary file upload vulnerability was released in build 10.0.474 on January 20, 2020. In continuation of that, the complete fix for the remote code execution vulnerability is now available in build 10.0.479." |
id | MSF:EXPLOIT/WINDOWS/HTTP/DESKTOPCENTRAL_DESERIALIZATION |
last seen | 2020-06-14 |
modified | 2020-05-21 |
published | 2020-03-10 |
references |
|
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/desktopcentral_deserialization.rb |
title | ManageEngine Desktop Central Java Deserialization |
Nessus
NASL family | CGI abuses |
NASL id | MANAGEENGINE_DESKTOP_CENTRAL_100479.NASL |
description | The ManageEngine Desktop Central application running on the remote host is version 10 prior to build 100479. It is, therefore, affected by a remote code execution vulnerability. |
last seen | 2020-04-04 |
modified | 2020-03-19 |
plugin id | 134677 |
published | 2020-03-19 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/134677 |
title | ManageEngine Desktop Central 10 < Build 100479 Remote Code Execution |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/156730/desktopcentral_deserialization.rb.txt |
id | PACKETSTORM:156730 |
last seen | 2020-03-14 |
published | 2020-03-14 |
reporter | mr_me |
source | https://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html |
title | ManageEngine Desktop Central Java Deserialization |
Related news
References
- http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html
- https://cwe.mitre.org/data/definitions/502.html
- https://srcincite.io/advisories/src-2020-0011/
- https://srcincite.io/pocs/src-2020-0011.py.txt
- https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
- https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/
- http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html
- https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/
- https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
- https://srcincite.io/pocs/src-2020-0011.py.txt
- https://srcincite.io/advisories/src-2020-0011/
- https://cwe.mitre.org/data/definitions/502.html