Intrusion Prevention

Zoho.ME.Desktop.Central.AppDependency.Arbitrary.File.Write

Description

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Zoho Corporation ManageEngine Desktop Central.
he vulnerability is due to improper validation of uploaded ZIP files in a request to the AppDependency API. A remote, authenticated attacker could exploit this vulnerability by uploading a ZIP file with a maliciously crafted path. Successful exploitation could allow the attacker to write to an arbitrary file on the target system, which could be used to perform arbitrary code execution in the security context of SYSTEM.

Affected Products

Zoho Corporation ManageEngine Desktop Central prior to 10.0.484

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html

CVE References

CVE-2020-10859