The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-18T19:35:29
Updated: 2024-08-04T10:26:16.301Z
Reserved: 2020-02-24T00:00:00
Link: CVE-2020-9367
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-18T20:15:13.097
Modified: 2024-11-21T05:40:29.720
Link: CVE-2020-9367
Redhat
No data.