CVE-2020-15589

CVE-2020-15589

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.

Source: CVE-2020-15589

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다