QwikSec

Security Database

CVE

CWE

Training

CVE-2020-8838

Published: Mar 23, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.manageengine.com/products/asset-explorer/sp-readme.html

x_refsource_CONFIRM

20200508 Asset Explorer Windows Agent - Remote Code Execution

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/157612/ManageEngine-Asset-Explorer-Windows-Agent-Remote-Code-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2020-8838 - Security Vulnerability | QwikSec