ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) - Vulnerability Database


Description

Zoho ManageEngine Desktop Central versions prior to 10.0.474 contain a critical Java deserialization vulnerability in the FileStorage getChartImage functionality. This flaw allows attackers to send maliciously crafted serialized Java objects to the application, which deserializes them without proper validation; the crafted object graph then triggers code execution during deserialization. Successful exploitation enables remote code execution with the privileges of the application server.

Remediation

Apply the following remediation steps immediately:

1. Upgrade ManageEngine Desktop Central to version 10.0.474 or later as soon as possible. Download the latest version from the official Zoho ManageEngine website.

2. Verify the installation after upgrading by checking the version number in the application's About section or administration console.

3. Review system logs for any suspicious activity or unauthorized access attempts that may have occurred prior to patching, particularly looking for unusual requests to the FileStorage or getChartImage endpoints.

4. Implement network segmentation to restrict access to the Desktop Central server to only authorized networks and users.

5. Monitor for indicators of compromise including unexpected processes, new user accounts, or unusual outbound network connections.

If immediate patching is not possible, consider temporarily isolating the affected system from the network until the update can be applied.
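The version check in step 2 and the log review in step 3 can be scripted together. The following is an added example, not Invicti's or Zoho's own tooling: it compares an installed version string against the fixed build named above and scans web access-log lines for requests that touch the FileStorage or getChartImage paths, flagging those that come from outside an authorized network. The combined-log-format regex, the authorized network range and the sample log lines are all assumptions or constructed for the example.

```python
import re
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Fixed version named in the advisory for CVE-2020-10189.
FIXED_VERSION = (10, 0, 474)

# Assumed: the only network allowed to reach the Desktop Central server (placeholder range).
AUTHORIZED_NETS = [ip_network("10.20.0.0/16")]

# Path fragments to look for, taken from the advisory's log-review step.
SUSPECT_PATHS = ("getChartImage", "FileStorage")

# Assumed combined/common log format: client ip, identd, user, [timestamp], "METHOD path proto", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_version(text: str) -> tuple:
    """Turn '10.0.473' into (10, 0, 473) so builds compare numerically, not lexically."""
    return tuple(int(part) for part in text.strip().split("."))

def is_patched(installed: str) -> bool:
    """True when the installed build is at or above the first fixed version."""
    return parse_version(installed) >= FIXED_VERSION

def is_authorized(ip: str) -> bool:
    """True when the client address falls inside an authorized network."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False  # garbage in the ip field is never treated as trusted
    return any(addr in net for net in AUTHORIZED_NETS)

def scan_access_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return every request to a suspect path, noting whether its source was authorized."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not any(frag in m.group("path") for frag in SUSPECT_PATHS):
            continue  # unparseable or unrelated request
        hits.append({"ip": m.group("ip"), "path": m.group("path"),
                     "status": m.group("status"), "authorized_source": is_authorized(m.group("ip"))})
    return hits

# Constructed sample log lines (not real traffic); 198.51.100.23 is a documentation address.
SAMPLE_LOG = [
    '10.20.5.7 - - [01/Mar/2020:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.23 - - [01/Mar/2020:10:01:12 +0000] "POST /getChartImage HTTP/1.1" 200 64',
    '10.20.5.9 - - [01/Mar/2020:10:02:30 +0000] "GET /FileStorage/report.png HTTP/1.1" 404 0',
    'not a log line',
]

if __name__ == "__main__":
    print("patched:", is_patched("10.0.473"))
    for hit in scan_access_log(SAMPLE_LOG):
        print("REVIEW" if not hit["authorized_source"] else "ok", hit)
```

A hit from an unauthorized source with a 200 status is the case to escalate; hits from inside the authorized range still deserve a look if they predate the upgrade.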
