CVE-2020-14011
Published 2020-06-15
Priority: P273
Severity: critical, CVSS 3.1 base score 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploit: public exploit available
EPSS: 29.47% (97.9th percentile)
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lansweeper | lansweeper | 6.0.0.19 – 7.2.108.6 | — |
Detection & IOCs (extracted from the referenced sources)
- Identify exposed Lansweeper web consoles via Shodan using the title dork; internet-facing instances may have default admin credentials enabled.
- Monitor for use of the 'Add New Package' and 'Scheduled Deployments' features in Lansweeper, as these are the attack vectors for command execution once authenticated with default credentials.
- Alert on authentication events using the built-in admin account ('Built-in Admin' button) on Lansweeper web consoles, especially from unexpected source IPs.
- Lansweeper uses ASP.NET technology; monitor ASP.NET web application logs for unauthenticated or default-credential access followed by package/deployment creation activity.
- The default installation of Lansweeper 6.0.x through 7.2.x ships with the 'Built-in admin' option enabled, granting full console access to anyone on the network without authentication unless manually unchecked during setup.
- The First Run Wizard does not enforce disabling of the Built-in Admin; all subsequent console accesses default to allowing full feature access via the Built-in Admin button.
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- NVD, CVSS v2.0: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.html
- https://pastebin.com/EUkMx94X
- https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console/