CVE-2020-8838 - CERT CVE
ID CVE-2020-8838
Sažetak An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.
Reference
CVSS
Base: 4.9
Impact: 6.4
Exploitability:4.4
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK MEDIUM SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:A/AC:M/Au:S/C:P/I:P/A:P
Zadnje važnije ažuriranje 07-10-2022 - 14:14
Objavljeno 23-03-2020 - 17:15