.. / CVE-2020-10189

Exploit for ManageEngine Desktop Central Java Deserialization (CVE-2020-10189)

Description:

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution.

Nuclei Template

View the template here CVE-2020-10189.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-10189.yaml
Copy

References:

https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
https://y4er.com/posts/cve-2020-10189-zoho-manageengine-rce/
https://cwe.mitre.org/data/definitions/502.html
https://blog.reconinfosec.com/analysis-of-exploitation-cve-2020-10189
https://nvd.nist.gov/vuln/detail/CVE-2020-10189