CVE-2020-15588
CRITICAL 9.8
Description
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue occurs only when untrusted communication is initiated with the server. In the cloud, the Agent always connects using trusted communication.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 7/29/2020
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
zohocorp:manageengine_desktop_central
Weaknesses (CWE)
CWE-190, CWE-787
References
https://www.manageengine.com/products/desktop-central/integer-overflow-vulnerability.html (cve@mitre.org)
https://www.manageengine.com/products/desktop-central/integer-overflow-vulnerability.html (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.