Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.html | Third Party Advisory VDB Entry |
https://pastebin.com/EUkMx94X | Third Party Advisory |
https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console/ | Vendor Advisory |
Configurations
History
26 Apr 2022, 18:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.html - Third Party Advisory, VDB Entry | |
CWE | CWE-1188 |
Information
Published : 2020-06-15 15:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-14011
Mitre link : CVE-2020-14011
CVE.ORG link : CVE-2020-14011
JSON object : View
Products Affected
lansweeper
- lansweeper
CWE
CWE-1188
Insecure Default Initialization of Resource