Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product."
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine Device Control Plus 安全漏洞
Vulnerability Description
ZOHO ManageEngine Device Control Plus是美国卓豪(ZOHO)公司的一款 USB 设备控制软件。用于控制、阻止和监视连接到计算机的所有可移动设备。 ZOHO ManageEngine Device Control Plus 10.1.2228.15版本存在安全漏洞,该漏洞源于可以通过使用虚拟机(VM)绕过USB限制。攻击者利用该漏洞在笔记本电脑或系统外部交换文件。
CVSS Information
N/A
Vulnerability Type
N/A