This document addresses untrusted agent-server communication vulnerability (CVE-2020-15589) in Desktop Central reported by Tomasz Kuczyński and pat0is.
There's an untrusted Agent-Server communication.
Agent will establish communication with the server without verifying the identity of the server possibly resulting in Remote Code Execution.
Note: MiTM can be exploited only when an attacker gets network level privileges to spoof the DNS ie., the attacker is in the same network.
This has been identified and fixed in Desktop Central build 100646. Customers have to upgrade to build 100646 and follow the steps provided in this document to patch this vulnerability.
For any queries, feel free to contact our support team at firstname.lastname@example.org
Keywords: Security Updates, ZVE-2020-0585, MiTM, Vulnerabilities and Fixes.