CVE-2020-10189: Zoho ManageEngine Desktop Central File Upload

Zoho ManageEngine Desktop Central File Upload Vulnerability. Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.

• CISA KEV-listed (remediation due 2022-05-03)
• EPSS 94.2% (99.9% percentile)

Detection rules

• Exploited CVE-2020-10189 Zoho ManageEngine high

Exploiting malware & tools

• BITSAdmin

Linked threat actors

• MirrorFace
• HEXANE
• APT41
• Storm-1811
• Daggerfly
• APT40
• Tropic Trooper
• Ferocious Kitten
• Conti

Browse the CVE database

Read the full analysis on IntelFusions