In the start of Oct 2020, Cybersecurity and Infrastructure Security Agency (CISA) published an advisory notifying about vulnerabilities that were exploited in the wild to retrieve sensitive data such as intellectual property, economic, political, as well as military information. According to CISA, in the light of heightened tensions between U.S. and China, these vulnerabilities were … Continue reading “Publicly-known Vulnerabilities Exploited by State-sponsored Cyber Threat Actors”
Tag: CVE-2020-10189
Zoho ManageEngine Desktop Central Unauthenticated Remote Code Execution Vulnerability (CVE-2020-10189)
Summary: Recently an information security specialist named Steven Seeley from Source Incite Disclosed Unauthenticated Remote Code Execution Vulnerability affecting Desktop Central build 10.0.473 and below that allows remote attackers to execute arbitrary code on the target system. This issue was assigned under CVE-2020-10189. Description: Zoho ManageEngine Desktop Central is prone to untrusted deserialization vulnerability (CVE-2020-10189). … Continue reading “Zoho ManageEngine Desktop Central Unauthenticated Remote Code Execution Vulnerability (CVE-2020-10189)”
ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)
Summary: A zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Description: Zoho ManageEngine Desktop Central faces An untrusted deserialization vulnerability. The vulnerability stems from an improper input validation in the FileStorage class. This … Continue reading “ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)”