![]() ![]() Talos tested and confirmed this version of Lansweeper could be exploited by these vulnerabilities. Users are encouraged to update this affected product as soon as possible: Lansweeper 10.1.1.0. ![]() An attacker can send an HTTP request to trigger these vulnerabilities as well.Ĭisco Talos worked with Lansweeper to ensure that these issues were resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy. An attacker can send an HTTP request to trigger these vulnerabilities.īoth TALOS-2022-1532 (CVE-2022-28703) and TALOS-2022-1541 (CVE-2022-32763) are cross-site scripting sanitation bypass vulnerabilities which can lead to arbitrary Javascript code injection. Two other vulnerabilities exist where directory traversal can lead to arbitrary file read: TALOS-2022-1530 (CVE-2022-29511) and TALOS-2022-1531 (CVE-2022-27498). Talos has identified two directory traversal vulnerabilities that can lead to arbitrary file upload: TALOS-2022-1528 (CVE-2022-32573) and TALOS-2022-1529 (CVE-2022-29517). Lansweeper is an IT Asset Management solution that gathers hardware and software information of computers and other devices on a computer network for management, compliance and audit purposes. Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities.Ĭisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |