May 3, 2024

Organizations using a widely deployed enterprise management solution are facing a serious security threat. A critical vulnerability has been discovered in older versions of ManageEngine Desktop Central, developed by Zoho Corporation.

The vulnerability, tracked as CVE-2024-2370 with a CVSS score of 9.8, makes it possible for a remote attacker to upload malicious files to a vulnerable system without needing any login credentials.

This vulnerability poses a substantial risk due to Desktop Central’s purpose and reach. As a Unified Endpoint Management (UEM) solution, it has deep access to a network’s PCs, servers, and mobile devices. Successful exploitation of this flaw could allow attackers to:

  • Deploy malware or ransomware across an entire network
  • Steal sensitive data
  • Disrupt critical business operations

Affected Versions

The CVE-2024-2370 vulnerability specifically exists in ManageEngine Desktop Central version 9, build 90055. Crucially, this version is more than five years old, highlighting the dangers of running outdated software.

Mitigation

Zoho has addressed this vulnerability in newer versions of Desktop Central (now referred to as Endpoint Central). Organizations using this software are urged to take immediate action:

Identify: Determine if any systems are still running the affected version of Desktop Central.

Update: Upgrade affected systems to the latest secure version as soon as possible.
