Security Updates on Vulnerabilities

CVE-2020-15589: Untrusted Agent-Server Communication

This document addresses untrusted agent-server communication vulnerability (CVE-2020-15589) in Desktop Central reported by Tomasz KuczyƄski and pat0is.

What was the problem?

There's an untrusted Agent-Server communication.

Impact:

Agent will establish communication with the server without verifying the identity of the server possibly resulting in Remote Code Execution.

Note: MiTM can be exploited only when an attacker gets network level privileges to spoof the DNS ie., the attacker is in the same network.

How do I fix it?

This has been identified and fixed in Desktop Central build 100646. Customers have to upgrade to build 100646 or above to patch this vulnerability.

For any queries, feel free to contact our support team at desktopcentral-support@manageengine.com

    Keywords: Security Updates, ZVE-2020-0585, MiTM, Vulnerabilities and Fixes.