CVE-2020-9367
HIGHZoho ManageEngine Desktop Central MSP build 10.0.486 - DLL Hijacking via CSUNSAPI.dll
Title source: llmDescription
The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.manageengine.com/desktop-management-msp/dll-hijacking-vulnerability.html
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
33.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
zohocorp/manageengine_desktop_central
10.0.486
Published
Mar 18, 2021
Tracked Since
Feb 18, 2026