An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-23T16:05:43
Updated: 2024-08-04T10:12:10.919Z
Reserved: 2020-02-10T00:00:00
Link: CVE-2020-8838
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-03-23T17:15:15.427
Modified: 2024-11-21T05:39:32.317
Link: CVE-2020-8838
Redhat
No data.