![]() ![]() The application also protects its session cookie ( ASP.NET_SessionId) with the samesite=lax parameter. Userid=4&originalvalue=&permissionselect=2&action=SELECTtblusers Referer: Content-Type: application/x-www-form-urlencoded charset=UTF-8Ĭookie: ASP.NET_SessionId=0cz3z0ocopzt04ddvo5514fo UserSettings=language=1 custauth=username=admin&userdomain=admin POST /configuration/HelpdeskUsers/HelpdeskusersActions.aspx HTTP/1.1 Normal usage of the application sends a POST request similar to the following when a user’s role is changed. Lansweeper allows an administrator to change the roles and permissions granted to a given application user via the /configuration/HelpdeskUsers/HelpdeskusersActions.aspx page. The application also encompasses a ticket based help desk system and capabilities for software updates on target devices.Īn attacker with an existing user account can elevate their privileges within the Lansweeper application. Lansweeper is an application that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes. ![]() Versions affected: 8.0.130.17 known affected versions, others likelyĪdvisory URL / CVE Identifier: CVE-2020-13658 ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |