CVE-2020-15588

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Desktop Central version 10.0.552.W

Description An issue in the client side of the software allows an attacker-controlled server to trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate, leading to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This occurs when untrusted communication is initiated with a server.

Recommendations For Zoho ManageEngine Desktop Central version 10.0.552.W, consider restricting untrusted communication with servers to minimize the risk of exploitation. As a temporary workaround, ensure that agents only connect with trusted communication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.