← back
CVE-2020-14011

CVE-2020-14011

EPSS 29.5%
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48618unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/158205/Lansweeper-7.2-Default-Account-Remote-Code-Execution.htmlhttps://pastebin.com/EUkMx94Xhttps://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console/