ZOHO Zero-Day Security Vulnerability
- CVE-2020-10189 – 10.0
Sources
https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
Risks
A remote attacker can leverage this security flaw to execute arbitrary code on affected installations of Desktop Central. Authentication is not required to exploit this vulnerability.
Description
Zoho has released a security update that impacts ManageEngine Desktop Central build 10.0.473. and below.
The exploitation of CVE-2020-10189 allows threat actors to execute arbitrary code as SYSTEM/root on unpatched ManageEngine Desktop Central (also known as Unified Endpoint Management - UEM). Unpatched Desktop Central Installations could also lead to the deployment of dangerous malware on the network of a company.
Recommended Actions
CERT.be recommends users of ManageEngine Desktop Central build 10.0.473. and below to update to the latest version 10.0.479 or newer, released by Zoho.