DETECTION OVERVIEW
Risk Factors
An unauthenticated attacker with access to a vulnerable ManageEngine Desktop Central server can remotely run arbitrary code on the server. A successful exploit can result in the attacker gaining control of the server and launching additional attacks on network devices, deploying ransomware, or moving laterally across the network.
Kill Chain
Risk Score
88
The ManageEngine Desktop Central service acts as a central server to help manage connected devices, such as workstations, servers, and phones, within an enterprise environment. Desktop Central contains a vulnerability that allows untrusted data in uploaded files to be processed and run as code on the ManageEngine server. To exploit this vulnerability, the attacker submits a POST request to upload a malicious file to a specific folder (\ManageEngine\DesktopCentral_Server\webapps\DesktopCentral\_chart) (1). The attacker then sends a GET request to run the malicious file (2). The malicious code runs on the ManageEngine server with system, or root, privileges. The attacker can then perform additional attacks, such as sending malware or ransomware to connected devices across the network.
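A host-side check that complements the network detection described above, as an added example that is not ManageEngine's or the detection vendor's code: it compares the `_chart` folder against a snapshot taken from a known-good state and reports files that are new or changed, which is where the uploaded file from step (1) would land. The install root and the function names (`chart_dir`, `snapshot`, `audit`) are assumptions made for this sketch.

```python
import hashlib
from pathlib import Path, PureWindowsPath

# Folder named in the description above, relative to the install drive.
CHART_SUBPATH = PureWindowsPath(
    r"ManageEngine\DesktopCentral_Server\webapps\DesktopCentral\_chart")

def chart_dir(install_root):
    """Resolve the _chart folder under an install root (assumption, e.g. 'C:\\')."""
    return Path(install_root).joinpath(*CHART_SUBPATH.parts)

def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(folder):
    """Map each file path (relative to folder) to its SHA-256."""
    folder = Path(folder)
    return {p.relative_to(folder).as_posix(): _sha256(p)
            for p in sorted(folder.rglob("*")) if p.is_file()}

def audit(folder, baseline):
    """Return one finding per file that is new or changed versus the baseline.

    Files deleted since the baseline are not reported.
    """
    folder = Path(folder)
    findings = []
    for rel, digest in snapshot(folder).items():
        if rel not in baseline:
            reason = "new file"
        elif baseline[rel] != digest:
            reason = "content changed"
        else:
            continue
        stat = (folder / rel).stat()
        findings.append({"file": rel, "reason": reason, "sha256": digest,
                         "size": stat.st_size, "mtime": stat.st_mtime})
    return findings

if __name__ == "__main__":
    import json, sys
    # Usage: script.py <install_root> <baseline.json produced from snapshot()>
    with open(sys.argv[2]) as fh:
        for finding in audit(chart_dir(sys.argv[1]), json.load(fh)):
            print(finding)
```

Any finding's `mtime` can then be lined up against the web server's request log to look for the POST and GET pair described above.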