Initiativen für
Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
ZOHO Zero-Day Security Vulnerability
Image
Veröffentlicht : 09/03/2020
Reference:
Advisory #2020-006
Version:
1.0
Affected software:
ManageEngine Desktop Central version 10.0.473 and earlier
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2020-10189 – 10.0
Sources
https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
Risks
A remote attacker can leverage this security flaw to execute arbitrary code on affected installations of Desktop Central. Authentication is not required to exploit this vulnerability.
Description
Zoho has released a security update that impacts ManageEngine Desktop Central build 10.0.473. and below.
The exploitation of CVE-2020-10189 allows threat actors to execute arbitrary code as SYSTEM/root on unpatched ManageEngine Desktop Central (also known as Unified Endpoint Management - UEM). Unpatched Desktop Central Installations could also lead to the deployment of dangerous malware on the network of a company.
Recommended Actions
CERT.be recommends users of ManageEngine Desktop Central build 10.0.473. and below to update to the latest version 10.0.479 or newer, released by Zoho.