virus logo FortiClient Vulnerability

ManageEngine Desktop Central CVE-2020-15589 Vulnerability

description-logoDescription

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.

affected-products-logoAffected Applications

ManageEngine Desktop Central

CVE References

CVE-2020-15589

Other References

https://www.manageengine.com/products/desktop-central/knowledge-base.html
ID 71034
Created Feb 10, 2022
Description
Updated		 Dec 18, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Zoho
Patch manual
Application ManageEngine Desktop Central