Intrusion PreventionManageEngine.Desktop.Central.AppDependency.Arbitrary.File.Write
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Zoho Corporation ManageEngine Desktop Central.
he vulnerability is due to improper validation of uploaded ZIP files in a request to the AppDependency API. A remote, authenticated attacker could exploit this vulnerability by uploading a ZIP file with a maliciously crafted path. Successful exploitation could allow the attacker to write to an arbitrary file on the target system, which could be used to perform arbitrary code execution in the security context of SYSTEM.
Affected Products
Zoho Corporation ManageEngine Desktop Central prior to 10.0.484
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/desktop-central/arbitrary-file-upload-vulnerability.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-08-03 | 25.614 | Name:ZOHO. ME. Desktop. Central. AppDependency. Arbitrary. File. Write:ManageEngine. Desktop. Central. AppDependency. Arbitrary. File. Write |
| 2020-09-30 | 16.934 | Name:Zoho. ME. Desktop. Central. AppDependency. Arbitrary. File. Write:ZOHO. ME. Desktop. Central. AppDependency. Arbitrary. File. Write |
| 2020-09-16 | 16.924 | Name:Zoho. ManageEngine. Desktop. Central. AppDependency. Arbitrary. File. :Zoho. ME. Desktop. Central. AppDependency. Arbitrary. File. Write |
| 2020-07-29 | 15.897 | Default_action:pass:drop |
| 2020-07-21 | 15.891 |
| ID | 49324 |
| Created | Jul 13, 2020 |
| Updated | Aug 02, 2023 |
| Risk |
|
| CVE ID | CVE-2020-10859 |
| Exploit Prediction Score | 3.57% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Other |