Latest Research

This content is currently locked.

Your current Info-Tech Research Group subscription does not include access to this content. Contact your account representative to gain access to Premium SoftwareReviews.

Contact Your Representative
Or Call Us:
1-888-670-8889 (US/CAN) or
+1-519-432-3550 (International)

Comprehensive software reviews to make better IT decisions

ManageEngine Desktop Central Remote Code Execution Vulnerability

A remote code execution vulnerability in ManageEngine Desktop Central, with a CVSS score of 9.8, was recently discovered by a third party. To address this gap, ManageEngine has released an update.

ManageEngine Desktop Central is an on-premises application that helps organizations manage desktops and mobile devices.

“Desktop Central is a unified endpoint management solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location.”

Source: ManageEngine Desktop Central product information page

The reported vulnerability allows a remote attacker to execute arbitrary code on the target system. As a preliminary stop-gap measure, ManageEngine released a temporary fix in build 10.0.474 on January 20, 2020, followed by a permanent fix in build 10.0.479 released on March 7, 2020.

Source: ManageEngine Desktop Central remote code execution vulnerability (CVE-2020-10189), March 2020

Our Take

We strongly recommend that all ManageEngine Desktop Central administrators install this update as soon as possible, to minimize susceptibility to remote attacks.

The threat of remote code execution is one that should always be taken seriously. In the case of ManageEngine Desktop Central, the urgency is even more severe: as a unified endpoint management solution, Desktop Central has the ability to push out and install software onto endpoint devices. In the event that the service is compromised, a hacker can essentially propagate malware to the target systems, further wreaking havoc. Proactivity breeds prevention; it is imperative for organizations to be aware of potential vulnerabilities even after remedial updates have been released.

Want to Know More?

ManageEngine Deskop Central

Eplore Your Options for Managing Chromebooks

Develop and Implement a Security Incident Management Program

Design and Implement a Vulnerability Management Program

Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019