Vulnerabilities > CVE-2017-13706 - XXE vulnerability in Lansweeper
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/144527/lansweeper-xxe.txt |
id | PACKETSTORM:144527 |
last seen | 2017-10-08 |
published | 2017-10-06 |
reporter | Mehmet Ince |
source | https://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html |
title | Lansweeper 6.0.100.29 XXE Injection |
References
- http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html
- http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html
- http://seclists.org/fulldisclosure/2017/Oct/14
- http://seclists.org/fulldisclosure/2017/Oct/14
- https://www.lansweeper.com/changelog.aspx
- https://www.lansweeper.com/changelog.aspx