Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
Summary: Lansweeper is an application that gathers hardware and software information of computers and other devices on a computer network for management and compliance and audit purposes. The application also encompasses a ticket based help desk system and capabilities for software updates on target devices. Location: http://[LANSWEEPER_URL]/configuration/HelpdeskUsers/HelpdeskusersActions.aspx Impact: An attacker with an existing user account […]