ManageEngine Desktop Central Remote Code Execution Vulnerability
A remote code execution vulnerability in ManageEngine Desktop Central, with a CVSS score of 9.8, was recently discovered by a third party. To address this gap, ManageEngine has released an update.
ManageEngine Desktop Central is an on-premises application that helps organizations manage desktops and mobile devices.
“Desktop Central is a unified endpoint management solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location.”
Source: ManageEngine Desktop Central product information page
The reported vulnerability allows a remote attacker to execute arbitrary code on the target system. As a preliminary stop-gap measure, ManageEngine released a temporary fix in build 10.0.474 on January 20, 2020, followed by a permanent fix in build 10.0.479 released on March 7, 2020.
Source: ManageEngine Desktop Central remote code execution vulnerability (CVE-2020-10189), March 2020
Our Take
We strongly recommend that all ManageEngine Desktop Central administrators install this update as soon as possible, to minimize susceptibility to remote attacks.
The threat of remote code execution should always be taken seriously. In the case of ManageEngine Desktop Central, the urgency is even greater: as a unified endpoint management solution, Desktop Central can push out and install software onto endpoint devices. If the service is compromised, an attacker can essentially use it to propagate malware to the target systems, wreaking further havoc. Proactivity breeds prevention; it is imperative for organizations to be aware of potential vulnerabilities even after remedial updates have been released.
Want to Know More?
Explore Your Options for Managing Chromebooks
Develop and Implement a Security Incident Management Program