# ManageEngine Endpoint Central remote code execution vulnerability (CVE-2020-10189)

This document explains the unauthenticated remote code execution vulnerability in Endpoint Central, which was reported by Steven Seeley of Source Incite. The short-term fix for the arbitrary file upload vulnerability was released in build **10.0.474** on **January 20, 2020**. Following that, the complete fix for the remote code execution vulnerability is now available in build **10.0.479**.

**Note:** This vulnerability will not impact Secure Gateway Server. Customers using builds that include the short-term fix are not vulnerable to this exploit.

**Related articles**

- [Identify and mitigate RCE vulnerability](https://www.manageengine.com/products/desktop-central/identify-and-mitigate-rce-vulnerability.html?utm_source=rce-kb)
- [Frequently asked questions](https://www.manageengine.com/products/desktop-central/rce-vulnerability-faq.html?utm_source=rce-kb)
- [Security Advisory](https://www.manageengine.com/products/desktop-central/rce-vulnerability-cve-2020-10189.html?utm_source=rce-kb)
- [Implications of RCE vulnerability](https://www.manageengine.com/products/desktop-central/implications-of-rce-vulnerability.html?utm_source=rce-kb)

## What was the problem?

This vulnerability could allow remote attackers to execute arbitrary code on affected installations of Endpoint Central. Authentication is not required to exploit this vulnerability.

## How do I fix it?

Please update to the latest version, **10.0.479**, released on **March 7, 2020**. The patch and the steps to install it can be found on this page: [https://www.manageengine.com/products/desktop-central/service-packs.html](https://www.manageengine.com/products/desktop-central/service-packs.html)

## How do I fix it manually?

If you face any difficulties in applying the patch, you can follow the manual steps given below to fix the vulnerability.

1. Remove the content below from the file **web.xml** in the path **\ManageEngine\DesktopCentral_Server\webapps\DesktopCentral\WEB-INF\web.xml**.
2. After removing this content, restart the Endpoint Central service.

```xml
<servlet-mapping>
  <servlet-name>MDMLogUploaderServlet</servlet-name>
  <url-pattern>/mdm/mdmLogUploader</url-pattern>
  <url-pattern>/mdm/client/v1/mdmLogUploader</url-pattern>
</servlet-mapping>

<servlet>
  <servlet-name>MDMLogUploaderServlet</servlet-name>
  <servlet-class>com.me.mdm.onpremise.webclient.log.MDMLogUploaderServlet</servlet-class>
</servlet>

<servlet-mapping>
  <servlet-name>CewolfServlet</servlet-name>
  <url-pattern>/cewolf/*</url-pattern>
</servlet-mapping>

<servlet>
  <servlet-name>CewolfServlet</servlet-name>
  <servlet-class>de.laures.cewolf.CewolfRenderer</servlet-class>
  <init-param>
    <param-name>debug</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <param-name>overliburl</param-name>
    <param-value>/js/overlib.js</param-value>
  </init-param>
  <init-param>
    <param-name>storage</param-name>
    <param-value>de.laures.cewolf.storage.FileStorage</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>
```

**Disclaimer:** After following the mitigation steps listed above, Endpoint Central users will not be able to upload logs from a mobile device.

**Second Advisory:** Refer to [this document](https://www.manageengine.com/products/desktop-central/rce-vulnerability-cve-2020-10189.html?utm_source=rce-kb) for the subsequent security advisory.

**Keywords:** Security Updates, Vulnerabilities and Fixes, SRC-2020-0011.

## Contact Us

Should you have any further questions, please email dc-zeroday@manageengine.com or reach out to us using our toll-free number, +1-888-720-9500.
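To confirm that the manual fix under "How do I fix it manually?" was applied completely, the following added example (not ManageEngine's own tooling) parses a `web.xml` and lists any `MDMLogUploaderServlet` or `CewolfServlet` entries that are still active. The function names, the `javaee` namespace and the sample descriptor are assumptions constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Servlet names taken from the advisory's manual fix.
TARGET_SERVLETS = {"MDMLogUploaderServlet", "CewolfServlet"}

def local(tag):
    """Drop the XML namespace prefix: '{ns}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]

def remaining_entries(web_xml):
    """Return sorted (element, servlet-name, detail) tuples still active.

    Commented-out blocks are ignored because the parser discards comments.
    """
    found = []
    for elem in ET.fromstring(web_xml):
        kind = local(elem.tag)
        if kind not in ("servlet", "servlet-mapping"):
            continue
        fields = {}
        for child in elem:
            fields.setdefault(local(child.tag), []).append((child.text or "").strip())
        name = fields.get("servlet-name", [""])[0]
        if name in TARGET_SERVLETS:
            detail = fields.get("url-pattern") or fields.get("servlet-class") or []
            found.append((kind, name, ", ".join(detail)))
    return sorted(found)

# Constructed sample: MDMLogUploaderServlet is commented out, CewolfServlet was missed.
SAMPLE = """
<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <!-- <servlet><servlet-name>MDMLogUploaderServlet</servlet-name></servlet> -->
  <servlet-mapping>
    <servlet-name>CewolfServlet</servlet-name>
    <url-pattern>/cewolf/*</url-pattern>
  </servlet-mapping>
  <servlet>
    <servlet-name>CewolfServlet</servlet-name>
    <servlet-class>de.laures.cewolf.CewolfRenderer</servlet-class>
  </servlet>
</web-app>
"""

if __name__ == "__main__":
    # Pass the path to a web.xml, or run without arguments to use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    hits = remaining_entries(data)
    for kind, name, detail in hits:
        print(f"still present: <{kind}> {name} ({detail})")
    print("no targeted entries found" if not hits else f"{len(hits)} entries remain")
```

An empty result only describes the file on disk; the change takes effect after the Endpoint Central service restart in step 2.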