Vulnerabilities > CVE-2017-13706 - XXE vulnerability in Lansweeper

047910
CVSS 9.9 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
lansweeper
CWE-611
critical
NVD
Published: 2017-10-10
Updated: 2017-11-05

Summary

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.

Vulnerable Configurations

Part Description Count
Application
Lansweeper
106

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/144527/lansweeper-xxe.txt
idPACKETSTORM:144527
last seen2017-10-08
published2017-10-06
reporterMehmet Ince
sourcehttps://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html
titleLansweeper 6.0.100.29 XXE Injection

References