CVE-2020-15588

CWE-190Integer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICAL
EPSS
6.0%
top 9.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Desktop Central
Timeline
PublishedJul 29
Latest updateMay 24

Description

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-66f5-9hwv-gw9h: An issue was discovered in the client side of Zoho ManageEngine Desktop Central before 102022-05-24
CVEList
CVE-2020-15588: An issue was discovered in the client side of Zoho ManageEngine Desktop Central 102020-07-29
CVE-2020-15588 (CRITICAL CVSS 9.8) | An issue was discovered in the clie | cvebase.io