What is CVE-2020-8838?

CVE-2020-8838 is a medium-severity vulnerability in Zohocorp Manageengine_assetexplorer, classified under Improper Validation of Integrity Check Value. CVSS score: 6.4/10. Published 2020-03-23.

How severe is CVE-2020-8838?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Is CVE-2020-8838 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Zohocorp Manageengine_assetexplorer

CVE-2020-8838

An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows agent, it does not validate the source and binary downloaded. This allows an attacker on an adjacent network to execute code with NT AUTHORITY…

EPSS: 0.016 (72.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Zohocorp Manageengine_assetexplorer — versions 6.5
N/a — versions n/a

Weakness classification (CWE)

CWE-354 — Improper Validation of Integrity Check Value

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-8838

References

cve@mitre.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
cve@mitre.org (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2020-8838?: CVE-2020-8838 is a medium-severity vulnerability in Zohocorp Manageengine_assetexplorer, classified under Improper Validation of Integrity Check Value. CVSS score: 6.4/10. Published 2020-03-23.
How severe is CVE-2020-8838?: Medium severity. CVSS v3 base score is 6.4 out of 10.
Is CVE-2020-8838 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.