Untrusted Deserialization Flaw in Zoho ManageEngine Desktop Central Patched (CVE-2020-10189) 

On Thursday, Steven Seeley of Source Incite published a security advisory and associated proof-of-concept for a critical vulnerability in Zoho ManageEngine Desktop Central.

CVE-2020-10189 is an untrusted deserialization vulnerability in Desktop Central due to improper input validation in the FileStorage class. Successful exploitation of the flaw would grant an attacker arbitrary code execution with SYSTEM/root privileges.

For more information about the vulnerability, including patches, please visit our blog.