Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
ZOHO ManageEngine Device Control Plus 安全漏洞
Vulnerability Description
ZOHO ManageEngine Device Control Plus是美国卓豪(ZOHO)公司的一款 USB 设备控制软件。用于控制、阻止和监视连接到计算机的所有可移动设备。 ZOHO ManageEngine Device Control Plus 10.1.2228.15版本存在安全漏洞,该漏洞源于可以通过引导到安全模式来绕过USB限制。攻击者利用该漏洞在笔记本电脑或系统外部交换文件。
CVSS Information
N/A
Vulnerability Type
N/A