⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-10189

CWE-502 — Deserialization of Untrusted Data9 documents9 sources

Severity

9.8CRITICAL

EPSS

94.2%

top 0.07%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Zohocorp Manageengine Desktop Central

Timeline

PublishedMar 6

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_desktop_central< 10.0.479

🔴Vulnerability Details

GHSA

GHSA-cx3q-6fpx-362x: Zoho ManageEngine Desktop Central 10 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage cla↗2022-05-24

▶

CVEList

CVE-2020-10189: Zoho ManageEngine Desktop Central before 10↗2020-03-06

▶

VulnCheck

Zoho ManageEngine Desktop Central File Upload Vulnerability↗2020

▶

💥Exploits & PoCs

Exploit-DB

ManageEngine Desktop Central - Java Deserialization (Metasploit)↗2020-03-17

▶

Nuclei

ManageEngine Desktop Central Java Deserialization

▶

🔍Detection Rules

Suricata

ET EXPLOIT Zoho ManageEngine Desktop Central RCE Inbound (CVE-2020-10189)↗2020-03-12

▶

📋Vendor Advisories

CISA

Zoho ManageEngine Desktop Central File Upload Vulnerability↗2021-11-03

▶