Zoho ManageEngine Desktop Central CVEs
Zoho ManageEngine Desktop Central CVEs CVE-2020-15588 CVE-2020-15589 CVE-2020-24397 Proof-Of-Concept Exploit
An issue exists in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine desktop central |