Cyrus Robinson : Mar 12, 2020 12:00:00 AM
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
This is a zero-day vulnerability with a public proof of concept, and it is being actively exploited in the wild. It allows attackers to remotely execute arbitrary code with SYSTEM privileges on compromised ManageEngine Desktop Central instances.
ManageEngine Desktop Central
CVE-2020-10189
Remote Code Execution
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
Publicly Disclosed | Yes
Exploited | Yes
Latest Software Release | 1 - Exploitation More Likely
Older Software Release | 1 - Exploitation More Likely
Denial of Service | N/A
9.8 - Critical
An attacker could gain SYSTEM (root-level) code execution on affected ManageEngine Desktop Central instances without authentication. If the vulnerable instance is exposed on the Internet (there are currently over 2300 exposed ManageEngine systems on the Internet), this could provide attackers with an entry point to the network. Even if the instance is not exposed on the Internet, a compromised device on the same network could be used to exploit the vulnerable Desktop Central instance. At that point, the vulnerability could be used to deploy malware laterally to other computers on the network. Similar tactics have been seen where a victim Managed Service Provider's (MSP) remote monitoring and management (RMM) tools were used to deploy ransomware to all of the MSP's clients.
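To turn the affected-version and exposure points above into a remediation order, here is an added example (not part of the original advisory or of any ManageEngine tooling) that triages an asset inventory against the fixed build 10.0.474. The CSV layout, host names and versions are constructed for illustration, and the three-part dotted version format is an assumption.

```python
# Added example: triage a Desktop Central inventory against the fixed build 10.0.474.
# Inventory layout, host names and versions are constructed for illustration.
import csv
import io

FIXED_BUILD = (10, 0, 474)  # from the advisory: versions before 10.0.474 are affected

SAMPLE_INVENTORY = """host,version,internet_exposed
dc-edge.example.test,10.0.473,yes
dc-lab.example.test,10.0.99,no
dc-hq.example.test,10.0.474,no
dc-new.example.test,10.0.500,yes
dc-old.example.test,unknown,yes
"""

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if it cannot be parsed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, exposed):
    """Map one inventory row to a triage bucket."""
    version = parse_version(version_text)
    if version is None:
        return "REVIEW"  # unparseable version: verify by hand, never assume patched
    if version >= FIXED_BUILD:
        return "PATCHED"
    # Numeric tuple comparison: 10.0.99 < 10.0.474, which string comparison gets wrong.
    return "VULNERABLE-EXPOSED" if exposed else "VULNERABLE-INTERNAL"

PRIORITY = ["VULNERABLE-EXPOSED", "VULNERABLE-INTERNAL", "REVIEW", "PATCHED"]

def triage(inventory_csv):
    """Return (host, bucket) pairs ordered by remediation priority."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    results = [
        (r["host"], classify(r["version"], r["internet_exposed"].strip().lower() == "yes"))
        for r in rows
    ]
    return sorted(results, key=lambda item: PRIORITY.index(item[1]))

if __name__ == "__main__":
    for host, bucket in triage(SAMPLE_INVENTORY):
        print(f"{bucket:20} {host}")
```

Internal instances still land in a vulnerable bucket because, as noted above, a compromised device on the same network can reach them.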