Vulnerability Description
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lansweeper | Lansweeper | >= 6.0.0.19, <= 7.2.108.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remot (Third Party Advisory, VDB Entry)
- https://pastebin.com/EUkMx94X (Third Party Advisory)
- https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console/ (Vendor Advisory)
FAQ
What is CVE-2020-14011?
CVE-2020-14011 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution ...
How severe is CVE-2020-14011?
CVE-2020-14011 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-14011?
Check the references section above for vendor advisories and patch information. Affected products include: Lansweeper Lansweeper.