ID:4692 - Exploit for Improper Authentication in Zoho ManageEngine Desktop Central - CVE-2020-15589
Published: October 10, 2020
Zoho ManageEngine Desktop Central
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when processing authentication requests in agent-server communication in the GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate functions within the client application. An attacker-controlled server can force the client application to skip TLS certificate validation and perform a MitM attack or compromise the affected system.