CVE-2020-29658
Description
Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2020-29658 is a privilege escalation vulnerability in Zoho ManageEngine Application Control Plus before build 100523 due to insecure Nginx SSL configuration.
Vulnerability
CVE-2020-29658 is a privilege escalation vulnerability in Zoho ManageEngine Application Control Plus before build 100523. The issue arises from an insecure SSL configuration setting for Nginx, which can be exploited to elevate privileges on the affected system.
Exploitation
An attacker with low-privileged access to the application server can exploit the insecure Nginx SSL configuration to escalate their privileges. No user interaction is required beyond the initial access. The specific exploitation steps are not detailed in the available references, but the vulnerability is rooted in the configuration weakness.
Impact
Successful exploitation allows an attacker to gain elevated privileges on the affected system. This could lead to full compromise of the application and underlying host, including unauthorized access to sensitive data, further system control, and potential lateral movement within the network.
Mitigation
Zoho released a fix in build 100523 on 17 November 2020. Users must upgrade to this build or later by obtaining the upgrade pack from the service packs page and following the provided instructions [1]. No workarounds are documented for earlier versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Zoho/ManageEngine Application Control Plus
- Range: <100523
Patches
No patches discovered yet.
References