CVE-2022-21234
Published: 2022-04-14

- Priority: P2 · 68 · High 8.8 (CVSS 3.1)
- CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- EPSS: 71.28% (99.3th percentile)
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lansweeper | lansweeper | — | — |
Detection & IOCs (extracted from sources)
Snort
SID 58884–58894
- Trigger condition: authenticated HTTP request to EchoAssets.aspx with a specially crafted payload causes SQL injection.
- Attacker must be authenticated and have proper permissions; unauthenticated exploitation is not possible.
- Vulnerable component is one of multiple .aspx files in Lansweeper; monitor HTTP requests targeting .aspx endpoints for SQL injection patterns.
- Confirmed affected version is 9.1.20.2; version 9.2.0 contains the fix. Ensure detection rules are scoped to unpatched instances.
- Snort rules 58884–58894 may be updated as additional vulnerability information becomes available; always pull the latest rule set from Cisco Secure Firewall Management Center or Snort.org.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | 3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| NVD | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
No detection rules found.
No public exploits indexed.
Talos
## Vulnerability Spotlight: Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections
blogs_talos · 2022-02-24 · CVSS 4.8 (MEDIUM)
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities.
Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted device.
Lansweeper gathers the hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes. There are vulnerabilities in multiple .aspx files contained in Lansweeper that, if targeted correctly, could allow an adversary to inject malicious code.
TALOS-2022-1441 (CVE-2022-22149), TALOS-2022-1443 (CVE-2022-21234) and TALOS-2022-1444 (CVE-2022-21210) can all be triggered if the attacker sends the targeted device a specially crafted HTTP request. The HTTP request can tri