CVE-2020-24397

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine Desktop Central version 10.0.0.SP-534

Description An issue in the client side of the software allows an attacker-controlled server to trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate functions, leading to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.

Recommendations For Zoho ManageEngine Desktop Central version 10.0.0.SP-534, consider disabling the InternetSendRequestEx and InternetSendRequestByBitrate functions as a temporary workaround until a patch is available. Restrict access to the client side of the software to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.