Zoho ManageEngine Desktop Central CVEs
Zoho ManageEngine Desktop Central CVEs CVE-2020-15588 CVE-2020-15589 CVE-2020-24397 Proof-Of-Concept Exploit
A design issue exists in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus prior to 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine desktop central 10.0.552.w |
||
zohocorp manageengine remote access plus |