Short Name |
HTTP:CTS:ZOHO-MEDC-GTCHRTIMG-ID |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Zoho ManageEngine Desktop Central FileStorage getChartImage Insecure Deserialization |
Release Date |
2020/03/30 |
Update Number |
3267 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine Desktop Central. A successful attack can lead to arbitrary code execution
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.