PT-2021-12847 · Zoho · Zoho ManageEngine Desktop Central

Andrea Ghelli · Published 2021-03-18 · Updated 2021-03-25 · CVE-2020-9367

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Desktop Central MSP version 10.0.486
Description: The issue is a DLL hijacking flaw: dcinventory.exe and dcconfig.exe attempt to load CSUNSAPI.dll without providing a complete path. This is problematic because the DLL is missing from the installation, allowing for potential DLL hijacking and code injection, which could lead to an escalation of privilege to NT AUTHORITY\SYSTEM.
Recommendations: For version 10.0.486, consider disabling the dcinventory.exe and dcconfig.exe executables as a temporary workaround until a patch is available. Restrict access to these executables to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
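
Because the description states that CSUNSAPI.dll is missing from the installation, any file with that name in a location the two executables could load from deserves review. The PowerShell audit below is an added example, not vendor or advisory code; the `-InstallDir` parameter is an assumption (the advisory gives no install path), and only the install tree, the Windows system directories and the machine-wide PATH are checked.

```powershell
# Added example (not vendor code): report every copy of CSUNSAPI.dll found in
# the install tree or in machine-wide DLL search locations.
param(
    # Assumption: root of the Desktop Central install; the advisory gives no path.
    [Parameter(Mandatory)] [string] $InstallDir,
    [string] $DllName = 'CSUNSAPI.dll'
)

# Directories checked non-recursively: Windows system locations plus the
# machine-wide PATH, with %VAR% references expanded.
$searchDirs = @(
    (Join-Path $env:SystemRoot 'System32')
    (Join-Path $env:SystemRoot 'System')
    $env:SystemRoot
)
$searchDirs += [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_.Trim() } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) }

# The install tree is searched recursively because the two executables may
# live in a subdirectory of it.
$hits = @(Get-ChildItem -LiteralPath $InstallDir -Filter $DllName -File -Recurse -ErrorAction SilentlyContinue)
foreach ($dir in ($searchDirs | Select-Object -Unique)) {
    $candidate = [IO.Path]::Combine($dir, $DllName)
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        $hits += Get-Item -LiteralPath $candidate
    }
}

# For each copy, record the owner, creation time, signature state and hash so
# it can be compared against known-good software inventory.
$report = $hits | Sort-Object FullName -Unique | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Path       = $_.FullName
        Owner      = (Get-Acl -LiteralPath $_.FullName).Owner
        CreatedUtc = $_.CreationTimeUtc
        Signature  = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
        SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
}

if ($report) { $report | Format-List }
else { Write-Output "No $DllName found in the install tree or machine search path." }
```

An unsigned copy, or one owned by a non-administrative account, is the result to escalate.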

Weakness Enumeration: Uncontrolled Search Path Element

Related Identifiers: CVE-2020-9367

Affected Products: Zoho ManageEngine Desktop Central