Vulnerability Details CVE-2020-24397
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.128
EPSS Ranking 93.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2020-24397
-
cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.0