CVE-2020-15588: Integer Overflow Vulnerability | ManageEngine Desktop Central
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and remote code execution with SYSTEM privileges. This issue occurs only when untrusted communication is initiated with the server. In the cloud, the agent always connects using trusted communication.
CVE-2020-15588, CVE-2020-24397: Integer Overflow Vulnerability
This document explains the integer overflow vulnerability (CVE-2020-15588, CVE-2020-24397) in Desktop Central, reported by pat0is.
What was the problem?
Header values were handled improperly, which caused an integer overflow. This has been fixed.
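A generic illustration of this bug class, added here and not taken from Desktop Central or from ManageEngine: a length read from a server-supplied header is added to a fixed overhead in 32-bit arithmetic, wraps, and produces an undersized heap buffer, shown beside a checked form. The function names, the 16 MiB cap, the 64-byte overhead and the sample header values are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY (16u * 1024u * 1024u)  /* assumed policy cap: 16 MiB */
#define HDR_ROOM 64u                    /* assumed fixed framing overhead */

/* Unsafe pattern: the 32-bit sum wraps, so 0xFFFFFFF0 + 64 yields 48. */
static uint32_t unsafe_alloc_size(uint32_t content_len)
{
    return content_len + HDR_ROOM;
}

/* Strictly parse a decimal length header; 0 on success, -1 on reject. */
static int parse_length(const char *s, uint32_t *out)
{
    char *end;
    unsigned long long v;
    if (s == NULL || *s < '0' || *s > '9')    /* no sign, no whitespace */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > MAX_BODY)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Checked form: validate the header, then size the buffer without wrap. */
static void *alloc_for_body(const char *len_header, size_t *alloc_size)
{
    uint32_t len;
    if (parse_length(len_header, &len) != 0)
        return NULL;
    if (len > UINT32_MAX - HDR_ROOM)          /* still safe if the cap is raised */
        return NULL;
    *alloc_size = (size_t)len + HDR_ROOM;
    return malloc(*alloc_size);
}

int main(void)
{
    size_t n = 0;
    void *p = alloc_for_body("4294967280", &n);   /* constructed hostile value */
    printf("wrapped size: %u, checked allocation: %s\n",
           (unsigned)unsafe_alloc_size(0xFFFFFFF0u), p ? "granted" : "rejected");
    free(p);
    return 0;
}
```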
How do I fix it?
This has been identified and fixed in Desktop Central build 10.0.561. To apply this fix, follow the steps below:
- Log in to your Desktop Central console and click your current build number in the top right corner.
- The latest build applicable to you is shown there. Download the PPM and update.
This vulnerability is not applicable to cloud editions of Desktop Central, Patch Manager Plus and Remote Access Plus.
Keywords: Security Updates, Vulnerabilities and Fixes.