CVE-2020-9367 is a vulnerability in Zoho Corp Manageengine Desktop Central
Published on March 18, 2021

The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM.

NVD

Products Associated with CVE-2020-9367

Want to know whenever a new CVE is published for Zoho Corp Manageengine Desktop Central? stack.watch will email you.

Zoho Corp Manageengine Desktop Central

Exploit Probability

EPSS

0.18%

Percentile

39.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-9367 is a vulnerability in Zoho Corp Manageengine Desktop CentralPublished on March 18, 2021

Products Associated with CVE-2020-9367

Exploit Probability

CVE-2020-9367 is a vulnerability in Zoho Corp Manageengine Desktop Central
Published on March 18, 2021