HTTP:Lansweeper TicketTemplateActions.aspx and AssetActions.aspx Directory Traversal
This signature detects attempts to exploit a known vulnerability against Lansweeper TicketTemplateActions.aspx and AssetActions.aspx. A successful attack can lead to directory traversal and arbitrary code execution.
Extended Description
A directory traversal vulnerability exists in the TicketTemplateActions.aspx GetTemplateAttachment functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
Affected Products
Lansweeper lansweeper
Short Name
HTTP:DIR:LANSWEEPER-TCKT-TMPLTE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AssetActions.aspx CVE-2022-27498 CVE-2022-29517 CVE-2022-32573 Directory Lansweeper TicketTemplateActions.aspx Traversal and
Release Date
12/22/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Lansweeper