CVE-2022-32573
published 2022-12-15CVE-2022-32573: A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request…
PriorityP356high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
3.69%
88.3th percentile
A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lansweeper | lansweeper | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
blogs_talos·2022-12-01·CVSS 6.5
CVE-2022-32573 [MEDIUM] Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes.
Talos has identified two directory traversal vulnerabilities that can lead to arbitrary file upload: TALOS-2022-1528 (CVE-2022-32573) and TALOS-2022-1529 (CVE-2022-29517). Two other vulnerabilities exist where directory traversal can lead to arbitrary file read: TALOS-2022-1530 (CVE-2022-29511) and TALOS-2022-1531 (CVE-2022-27498). An attacker can send an HTTP request to trigger these vulnerabilities.
Both TALOS-2022-1532 (CVE-2022-28703) and TALOS-2022-1541 (CVE-2022-32763) are cros
Talos
Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
blogs_talos·2022-12-01·CVSS 6.5
[MEDIUM] Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
## Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities
Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper.
Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes.
Talos has identified two directory traversal vulnerabilities that can lead to arbitrary file upload: TALOS-2022-1528 (CVE-2022-32573) and TALOS-2022-1529 (CVE-2022-29517). Two other vulnerabilities exist where directory traversal can lead to arbitrary file read: TALOS-2022-1530 (CVE-2022-29511) and TALOS-2022-1531 (CVE-2022-27498). An attacker can send an HTTP request to trigger these
2022-12-15
Published