CVE-2020-24397: Integer Overflow
First published: Fri Oct 02 2020(Updated: )
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Desktop Central | =10.0.0-sp-534 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue in Zoho ManageEngine Desktop Central?
The vulnerability ID for this issue in Zoho ManageEngine Desktop Central is CVE-2020-24397.
What is the severity of CVE-2020-24397?
CVE-2020-24397 has a severity rating of critical.
What is the affected software version of CVE-2020-24397?
The affected software version of CVE-2020-24397 is Zoho ManageEngine Desktop Central 10.0.0.SP-534.
How can an attacker exploit CVE-2020-24397?
An attacker can exploit CVE-2020-24397 by triggering an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate, leading to a heap-based buffer overflow and remote code execution.
Is there a fix for CVE-2020-24397?
Yes, it is recommended to update to the latest version of Zoho ManageEngine Desktop Central to fix CVE-2020-24397.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine desktop central
- version/zohocorp manageengine desktop central/10.0.0-sp-534