Intrusion Prevention

ZOHO.ManageEngine.DC.getChartImage.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Zoho ManageEngine Desktop Central.
This vulnerability is due to a lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. Successful exploitation results in execution of code under the context of SYSTEM.

Affected Products

Zoho ManageEngine Desktop Central build 10.0.478 and below

Impact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html

CVE References

CVE-2020-10189