Vulnerability Description
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue occurs only when untrusted communication is initiated with the server. In the cloud, the Agent always connects over trusted communication.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Desktop Central | < 10.0.561 |
Related Weaknesses (CWE)
References
- https://www.manageengine.com/products/desktop-central/integer-overflow-vulnerabi (Vendor Advisory)
FAQ
What is CVE-2020-15588?
CVE-2020-15588 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendReque...
How severe is CVE-2020-15588?
CVE-2020-15588 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-15588?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Desktop Central.