| ID | 48794 |
| Created | Apr 06, 2020 |
| Updated | Sep 29, 2020 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | drop |
| Active |
|
| Affected OS | Windows |
| Affected App | Other |
Legend
| Active/Available |
|
| InActive/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2020-09-30 | 16.934 | Name:Zoho. ManageEngine. DC. getChartImage. Remote. Code. Execution:ZOHO. ManageEngine. DC. getChartImage. Remote. Code. Execution |
| 2020-07-06 | 15.879 | Sig Added |
| 2020-05-04 | 15.832 | Default_action:pass:drop |
| 2020-04-06 | 15.811 |
click on each chart to view data in detail.
[[threatName]]
Refine Search
Threat Encyclopedia
ZOHO.ManageEngine.DC.getChartImage.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Zoho ManageEngine Desktop Central.
This vulnerability is due to a lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. Successful exploitation results in execution of code under the context of SYSTEM.
Affected Products
Zoho ManageEngine Desktop Central build 10.0.478 and below
Impact
System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
CVE References
CVE-2020-10189
✖