Free Edition This document addresses untrusted agent-server communication vulnerability (CVE-2020-15589) in Endpoint Central reported by Tomasz KuczyĆski and pat0is.
There's an untrusted Agent-Server communication.
Agent will establish communication with the server without verifying the identity of the server possibly resulting in Remote Code Execution.
Note: MiTM can be exploited only when an attacker gets network level privileges to spoof the DNS ie., the attacker is in the same network.
This has been identified and fixed in Endpoint Central build 100646. Customers have to upgrade to build 100646 and follow the steps provided in this document to patch this vulnerability.
For any queries, feel free to contact our support team at desktopcentral-support@manageengine.com
Keywords: Security Updates, ZVE-2020-0585, MiTM, Vulnerabilities and Fixes.