CVE-2020-8838
ManageEngine Asset Explorer Windows Agent Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.
Se detectó un problema en Zoho ManageEngine AssetExplorer versión 6.5. Durante una actualización del agente de Windows, no comprueba la fuente y el binario descargado. Esto permite a un atacante sobre una red adyacente ejecutar código con privilegios NT AUTHORITY/SYSTEM en las máquinas del agente al proporcionar un ejecutable arbitrario por medio de un ataque de tipo man-in-the-middle.
The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-10 CVE Reserved
- 2020-03-23 CVE Published
- 2023-06-10 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-354: Improper Validation of Integrity Check Value
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/157612/ManageEngine-Asset-Explorer-Windows-Agent-Remote-Code-Execution.html | 2024-08-04 | |
http://seclists.org/fulldisclosure/2020/May/29 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.manageengine.com/products/asset-explorer/sp-readme.html | 2022-10-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Zohocorp Search vendor "Zohocorp" | Manageengine Assetexplorer Search vendor "Zohocorp" for product "Manageengine Assetexplorer" | 6.5 Search vendor "Zohocorp" for product "Manageengine Assetexplorer" and version "6.5" | - |
Affected
|