CVE-2020-14011 - Insecure Default Initialization of Resource vulnerability in Lansweeper
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.html
- https://pastebin.com/EUkMx94X
- https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console/