CVE-2020-10189 — CRITICAL (9.8)

Q: How severe is CVE-2020-10189?

CVE-2020-10189 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-10189?

Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Desktop Central.

Vulnerability Description

Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zohocorp	Manageengine Desktop Central	< 10.0.479

Related Weaknesses (CWE)

CWE-502

References

http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-DeExploitThird Party AdvisoryVDB Entry
https://cwe.mitre.org/data/definitions/502.htmlThird Party Advisory
https://srcincite.io/advisories/src-2020-0011/ExploitThird Party Advisory
https://srcincite.io/pocs/src-2020-0011.py.txtExploitThird Party Advisory
https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnVendor Advisory
https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/Third Party Advisory
http://packetstormsecurity.com/files/156730/ManageEngine-Desktop-Central-Java-DeExploitThird Party AdvisoryVDB Entry
https://cwe.mitre.org/data/definitions/502.htmlThird Party Advisory
https://srcincite.io/advisories/src-2020-0011/ExploitThird Party Advisory
https://srcincite.io/pocs/src-2020-0011.py.txtExploitThird Party Advisory
https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnVendor Advisory
https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-US Government Resource

FAQ

What is CVE-2020-10189?

CVE-2020-10189 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServ...

How severe is CVE-2020-10189?

CVE-2020-10189 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-10189?

Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Desktop Central.