ManageEngine.Desktop.Central.MSP.Arbitrary.File.Upload
Description
This indicates an attack attempt against an Path Traversal vulnerability in ManageEngine Desktop Central.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted HTTP packet. It allows a remote attacker to execute arbitrary codes against affected machine via crafted requests.
Affected Products
ManageEngine Desktop Central MSP prior to 9 build 90142
ManageEngine DesktopCentral prior to 9 build 90142
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the latest update from the vendor
http://www.manageengine.com/desktop-management-msp/service-packs.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-07 | 14.628 | Severity:high:critical |