PT-2020-13838 · Lansweeper · Lansweeper
Published: 2020-06-15 · Updated: 2022-04-26 · CVE-2020-14011
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Lansweeper versions 6.0.x through 7.2.x
Description
In a default installation, the admin account is configured with the default admin password unless the "Built-in admin" option is manually unchecked. This configuration allows command execution through the Add New Package and Scheduled Deployments features.
Recommendations
For Lansweeper versions 6.0.x through 7.2.x, manually uncheck the "Built-in admin" option during installation to prevent the default admin password configuration. As a temporary workaround, consider restricting access to the Add New Package and Scheduled Deployments features until the issue is resolved.
Affected Products
Lansweeper