CVE-2020-15595 : What You Need to Know

Learn about CVE-2020-15595, a medium severity vulnerability in Zoho Application Control Plus before version 10.0.511 that allows attackers to access sensitive information about internal networks.

Zoho Application Control Plus before version 10.0.511 is affected by a vulnerability that allows attackers to retrieve sensitive information about internal networks.

Understanding CVE-2020-15595

Zoho Application Control Plus is vulnerable to an information disclosure issue that could lead to the exposure of IP ranges and subnets.

What is CVE-2020-15595?

This CVE refers to a vulnerability in Zoho Application Control Plus that enables attackers to access and retrieve a list of IP ranges and subnets configured in the product, potentially exposing internal network details.

The Impact of CVE-2020-15595

The vulnerability is rated medium severity with low confidentiality impact. It allows attackers to gather information about the layout of the internal network.

Technical Details of CVE-2020-15595

Zoho Application Control Plus before version 10.0.511 is susceptible to an information disclosure vulnerability.

Vulnerability Description

The Element Configuration feature in the affected version allows attackers to retrieve IP ranges and subnets, exposing internal network details.

Affected Systems and Versions

        Product: Zoho Application Control Plus
        Versions affected: Before 10.0.511

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: Low
        User Interaction: None

Mitigation and Prevention

Steps to address and prevent exploitation of CVE-2020-15595

Immediate Steps to Take

        Update Zoho Application Control Plus to version 10.0.511 or later.
        Monitor network traffic for any suspicious activities.
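
To support the update step, the following added example (not code from the original page or from Zoho) triages an asset inventory against the fixed version 10.0.511. The CSV column names, hostnames and versions are constructed, and the dotted numeric version format is an assumption; versions are compared numerically so that 10.0.98 is not mistaken for newer than 10.0.511.

```python
import csv
import io
import re

FIXED = (10, 0, 511)  # first fixed version, per the advisory text above
PRODUCT = "application control plus"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,product,version
acp-01,Zoho Application Control Plus,10.0.98
acp-02,Zoho Application Control Plus,10.0.511
acp-03,Zoho Application Control Plus,10.0.510
acp-04,Zoho Application Control Plus,10.1
acp-05,Zoho Application Control Plus,unknown
web-01,Some Other Product,1.2.3
"""

def parse_version(text):
    """Return a tuple of ints for dotted numeric versions, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(p) for p in text.split("."))

def is_before_fix(version):
    """Compare numerically, padding with zeros so 10.1 equals 10.1.0."""
    width = max(len(version), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(FIXED)

def triage(inventory_csv):
    """Split matching hosts into vulnerable / patched / needs-review."""
    result = {"vulnerable": [], "patched": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if PRODUCT not in row["product"].lower():
            continue  # other products are out of scope for this CVE
        version = parse_version(row["version"])
        if version is None:
            result["review"].append(row["host"])  # never assume patched
        elif is_before_fix(version):
            result["vulnerable"].append(row["host"])
        else:
            result["patched"].append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts whose version string cannot be parsed land in the review bucket so that a missing or malformed inventory entry is checked by hand.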

Long-Term Security Practices

        Regularly review and update network security configurations.
        Conduct security assessments to identify and address vulnerabilities.

Patching and Updates

        Apply security patches and updates provided by Zoho to mitigate the vulnerability.
