Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities.
Lansweeper gathers the hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes. There are vulnerabilities in multiple .aspx files contained in Lansweeper that, if targeted correctly, could allow an adversary to inject malicious code.
TALOS-2022-1441 (CVE-2022-22149), TALOS-2022-1443 (CVE-2022-21234) and TALOS-2022-1444 (CVE-2022-21210) can all be triggered if the attacker sends the targeted device a specially crafted HTTP request. The HTTP request can trigger an error that eventually allows the attacker to inject SQL code. An adversary needs to be authenticated and have proper permissions to exploit these vulnerabilities.
Cisco Talos worked with Lansweeper to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update these affected products as soon as possible: Users are encouraged to update these affected products as soon as possible: Lansweeper version 188.8.131.52. Talos tested and confirmed this version is affected by these vulnerabilities. Lansweeper 9.2.0 incorporates fixes for these issues.
The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 58884 - 58894. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Cisco Secure Firewall Management Center or Snort.org.