Security Updates on Vulnerabilities

DLL Hijacking Vulnerability

This document will explain you the DLL Hijacking vulnerability in Endpoint Central MSP. This vulnerability was raised by Andrea Ghelli (CVE-2020-9367).

What was the problem?

Endpoint Central MSP accesses external libraries for specific operations via EXE files. The vulnerability leverages the qualified path used for accessing the DLL files.
When the desired DLL file is not found, it is searched for, using the standard searching methods. If there is at least one directory with write permission for normal users, then an attacker can subsititute the DLL file name with another mailicious file with the same name.

How do I fix it?

This has been identified and fixed in Endpoint Central MSP build 10.0.486 . To apply this fix, follow the steps below:

  1. Log in to your Endpoint Central MSP console, click on your current build number on the top right corner.
  2. You can find the latest build applicable to you. Download the PPM and update.

    3.  

    Keywords: Security Updates, Vulnerabilities and Fixes.

     
    Knowledge Base
     

 

Remote Desktop & Mobile Device Management Software for MSPs trusted by