Intrusion PreventionManageEngine.Desktop.Central.getChartImage.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Zoho ManageEngine Desktop Central.
This vulnerability is due to a lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. Successful exploitation results in execution of code under the context of SYSTEM.
Affected Products
Zoho ManageEngine Desktop Central build 10.0.478 and below
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-03 | 25.614 | Name:ZOHO. ManageEngine. DC. getChartImage. Remote. Code. Execution:ManageEngine. Desktop. Central. getChartImage. Code. Execution |
| 2020-09-30 | 16.934 | Name:Zoho. ManageEngine. DC. getChartImage. Remote. Code. Execution:ZOHO. ManageEngine. DC. getChartImage. Remote. Code. Execution |
| 2020-07-06 | 15.879 | Sig Added |
| 2020-05-04 | 15.832 | Default_action:pass:drop |
| 2020-04-06 | 15.811 |
| ID | 48794 |
| Created | Apr 06, 2020 |
| Updated | Aug 02, 2023 |
| Risk |
|
| CVE ID | CVE-2020-10189 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.21% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |