A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-02T19:13:23

Updated: 2024-08-04T13:22:30.388Z

Reserved: 2020-07-07T00:00:00

Link: CVE-2020-15589

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-02T20:15:12.753

Modified: 2024-11-21T05:05:48.573

Link: CVE-2020-15589

cve-icon Redhat

No data.