Security advisories

Zoho Vulnerability Actively Exploited

March 10, 2020 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

eSentire has observed the active exploitation of the recently disclosed zero-day vulnerability in Zoho ManageEngine Desktop Central. The vulnerability was publicly noted on March 5th, 2020, along with proof-of-concept code for exploitation of the vulnerability [1]. If exploited, the vulnerability can result in remote code execution on vulnerable systems which can lead to a variety of malicious outcomes, including data exfiltration and the downloading of additional malicious content.

As active exploitation of this vulnerability is already occurring in the wild, it is highly recommended that organizations deploy the official Zoho security patches to avoid compromise. Zoho has released guidance to assess if exploitation of vulnerable devices has already occurred [2].

What we’re doing about it

What you should do about it

Additional information

The vulnerability resides in Zoho's ManageEngine Desktop Central before 10.0.474 and has been labeled CVE-2020-10189. Remote code execution can be achieved, under the context of SYSTEM, due to the deserialization of untrusted data in getChartImage in the FileStorage class [4].

References:

[1] https://twitter.com/steventseeley/status/1235635108498948096

[2] https://www.manageengine.com/products/desktop-central/rce-vulnerability-cve-2020-10189.html

[3] https://www.manageengine.com/products/desktop-central/service-packs.html

[4] https://srcincite.io/advisories/src-2020-0011/

View Most Recent Advisories