What is the vulnerability ID for this issue in Zoho ManageEngine AssetExplorer?

The vulnerability ID for this issue in Zoho ManageEngine AssetExplorer is CVE-2020-8838.

What is the severity of CVE-2020-8838?

The severity of CVE-2020-8838 is medium with a CVSS score of 6.4.

Are there any known references for CVE-2020-8838?

Yes, there are references available for CVE-2020-8838. You can find them at the following links: [link1](http://packetstormsecurity.com/files/157612/ManageEngine-Asset-Explorer-Windows-Agent-Remote-Code-Execution.html), [link2](http://seclists.org/fulldisclosure/2020/May/29), [link3](https://www.manageengine.com/products/asset-explorer/sp-readme.html).

What is the Common Weakness Enumeration (CWE) ID for CVE-2020-8838?

The Common Weakness Enumeration (CWE) ID for CVE-2020-8838 is CWE-354.

Vulnerability/
CVE-2020-8838

medium

6.4

CWE

354

23/3/2020

4/8/2024

CVE-2020-8838

First published: Mon Mar 23 2020(Updated: )

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Assetexplorer	=6.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue in Zoho ManageEngine AssetExplorer?
The vulnerability ID for this issue in Zoho ManageEngine AssetExplorer is CVE-2020-8838.
What is the severity of CVE-2020-8838?
The severity of CVE-2020-8838 is medium with a CVSS score of 6.4.
How does CVE-2020-8838 affect Zoho ManageEngine AssetExplorer?
CVE-2020-8838 allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines during an upgrade of the Windows agent in Zoho ManageEngine AssetExplorer.
Are there any known references for CVE-2020-8838?
Yes, there are references available for CVE-2020-8838. You can find them at the following links: [link1](http://packetstormsecurity.com/files/157612/ManageEngine-Asset-Explorer-Windows-Agent-Remote-Code-Execution.html), [link2](http://seclists.org/fulldisclosure/2020/May/29), [link3](https://www.manageengine.com/products/asset-explorer/sp-readme.html).
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-8838?
The Common Weakness Enumeration (CWE) ID for CVE-2020-8838 is CWE-354.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/description
agent/type
agent/event
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/zohocorp
canonical/zohocorp manageengine assetexplorer
version/zohocorp manageengine assetexplorer/6.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.