CVE-2020-15589: Untrusted Agent-Server Communication

This document addresses the untrusted agent-server communication vulnerability (CVE-2020-15589) in Endpoint Central, reported by Tomasz Kuczyński and pat0is.

What was the problem?

Communication between the agent and the server is untrusted.

Impact:

The agent establishes communication with the server without verifying the server's identity, which can result in remote code execution.

Note: A MiTM attack is possible only when an attacker gains network-level privileges to spoof DNS, i.e., when the attacker is in the same network.

How do I fix it?

This has been identified and fixed in Endpoint Central build 100646. Customers have to upgrade to build 100646 and follow the steps provided in this document to patch this vulnerability.

For any queries, feel free to contact our support team at desktopcentral-support@manageengine.com

    Keywords: Security Updates, ZVE-2020-0585, MiTM, Vulnerabilities and Fixes.