CVE-2024-10203

Name of the Vulnerable Software and Affected Versions Zohocorp ManageEngine EndPoint Central versions 11.3.2416.21 and below Zohocorp ManageEngine EndPoint Central versions 11.3.2428.9 and below

Description The issue is related to arbitrary file deletion in the agent installed machines due to insecure privilege management. This could allow an attacker to delete arbitrary files. The vulnerability affects the ManageEngine Endpoint Central MSP, a remote monitoring and management tool for desktops, servers, laptops, and mobile devices.

Recommendations For versions 11.3.2416.21 and below, update to a version above 11.3.2416.21 to resolve the issue. For versions 11.3.2428.9 and below, update to a version above 11.3.2428.9 to resolve the issue. As a temporary workaround, consider restricting access to the agent installed machines to minimize the risk of exploitation.