Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY/SYSTEM privileges on the agent machines by providing an arbitrary executable via a man-in-the-middle attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine AssetExplorer 安全漏洞
Vulnerability Description
ZOHO ManageEngine AssetExplorer是美国卓豪(ZOHO)公司的一套资产管理软件。该软件提供资产跟踪、IT资产的扫描和资产所有权的跟踪等功能。 ZOHO ManageEngine AssetExplorer 6.5版本中存在安全问题,该漏洞源于Windows代理升级期间,该程序不会验证下载的源代码和二进制文件。攻击者可借助特制的可执行文件利用该漏洞在代理计算机上以NT AUTHORITY/SYSTEM权限执行代码。
CVSS Information
N/A
Vulnerability Type
N/A