Intrusion Prevention

ManageEngine.Desktop.Central.MSP.Arbitrary.File.Upload

Description

This indicates an attack attempt against a Path Traversal vulnerability in ManageEngine Desktop Central.
The vulnerability is due to insufficient sanitization of user-supplied input when handling a crafted HTTP packet. It allows a remote attacker to execute arbitrary code on the affected machine via crafted requests.

Affected Products

ManageEngine Desktop Central MSP prior to 9 build 90142
ManageEngine Desktop Central prior to 9 build 90142

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor:
http://www.manageengine.com/desktop-management-msp/service-packs.html

CVE References

CVE-2015-8249

Other References

ZDI-15-180