CVE-2020-10189

Sažetak

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

Reference

https://srcincite.io/advisories/src-2020-0011/
https://srcincite.io/pocs/src-2020-0011.py.txt
https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/
https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-Deserialization.html
https://cwe.mitre.org/data/definitions/502.html

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-10-2022 - 13:42

Objavljeno

06-03-2020 - 17:15