Thursday, February 24, 2022

Vulnerability Spotlight: Vulnerabilities in Lansweeper could lead to JavaScript, SQL injections



Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered multiple vulnerabilities in the Lansweeper IT asset management solution that could allow an attacker to inject JavaScript or SQL code on the targeted device. 

Lansweeper gathers the hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes. There are vulnerabilities in multiple .aspx files contained in Lansweeper that, if targeted correctly, could allow an adversary to inject malicious code.

TALOS-2022-1441 (CVE-2022-22149), TALOS-2022-1443 (CVE-2022-21234) and TALOS-2022-1444 (CVE-2022-21210) can all be triggered if the attacker sends the targeted device a specially crafted HTTP request. The HTTP request can trigger an error that eventually allows the attacker to inject SQL code. An adversary needs to be authenticated and have proper permissions to exploit these vulnerabilities. 

TALOS-2022-1442 (CVE-2022-21145) similarly occurs after a specially crafted HTTP request is sent to the targeted device. In this case, however, it opens the door to a cross-site scripting attack where the adversary can inject arbitrary JavaScript. 

Cisco Talos worked with Lansweeper to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Lansweeper version 9.1.20.2. Talos tested and confirmed this version is affected by these vulnerabilities. Lansweeper 9.2.0 incorporates fixes for these issues.

The following SNORT® rules will detect exploitation attempts against these vulnerabilities: 58884 - 58894. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.
