CVE-2022-27498

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Lansweeper version 10.1.1.0

Description A directory traversal issue exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality. This allows an attacker to send a specially-crafted HTTP request, potentially leading to arbitrary file read.

Recommendations For Lansweeper version 10.1.1.0, consider restricting access to the TicketTemplateActions.aspx page until a fix is available. As a temporary workaround, avoid using the GetTemplateAttachment functionality to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2022-27498

Affected Products

Lansweeper

CVE-2022-27498

Weakness Enumeration

Related Identifiers

Affected Products

References · 4