CVE-2020-14011

Опубликовано: 15 июн. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.

Ссылки

http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
https://pastebin.com/EUkMx94X
Third Party Advisory
https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console/
Vendor Advisory
http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.html
Third Party Advisory
VDB Entry
https://pastebin.com/EUkMx94X
Third Party Advisory
https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:*

Версия от 6.0.0.19 (включая) до 7.2.108.6 (включая)

EPSS

Процентиль: 97%

0.3383

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1188

Связанные уязвимости

GHSA-7754-v5c4-c9pg