CVE-2020-14011

9.8 CRITICAL

📋 TL;DR

CVE-2020-14011 is a critical vulnerability in Lansweeper that allows remote code execution via default admin credentials. Attackers can exploit the Add New Package and Scheduled Deployments features to execute arbitrary commands on affected systems. Organizations running Lansweeper 6.0.x through 7.2.x with default configurations are vulnerable.

💻 Affected Systems

Products:
  • Lansweeper
Versions: 6.0.x through 7.2.x
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable when 'Built-in admin' option is enabled (default setting).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise allowing attackers to execute arbitrary commands, deploy malware, steal sensitive data, and pivot to other network systems.

🟠 Likely Case: Unauthorized access leading to data exfiltration, installation of backdoors, or deployment of ransomware within the network.

🟢 If Mitigated: Limited impact with proper access controls, though default configuration still presents risk.

🌐 Internet-Facing: HIGH - Web console accessible from internet allows remote exploitation without authentication.
🏢 Internal Only: HIGH - Even internal-only deployments are vulnerable to network-based attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires default admin credentials but is trivial to execute with publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.2.100.5 and later

Vendor Advisory: https://www.lansweeper.com/knowledgebase/restricting-access-to-the-web-console/

Restart Required: Yes

Instructions:

1. Update Lansweeper to version 7.2.100.5 or later.
2. Restart the Lansweeper service.
3. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable Built-in Admin (platform: Windows)

Disable the default admin account in Lansweeper configuration:

Navigate to Lansweeper web console > Configuration > Security > Uncheck 'Built-in admin'

Restrict Web Console Access (platform: all)

Limit access to Lansweeper web console to trusted IPs only:

Configure firewall rules to restrict access to Lansweeper web port (typically 9524)

🧯 If You Can't Patch

  • Disable the Built-in admin account immediately and use custom admin credentials
  • Implement network segmentation to isolate Lansweeper server from critical systems

🔍 How to Verify

Check if Vulnerable:

Check Lansweeper version via web console or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Lansweeper\Version

Check Version:

reg query "HKLM\SOFTWARE\Lansweeper" /v Version

Verify Fix Applied:

Verify version is 7.2.100.5 or later and 'Built-in admin' is disabled in Security settings
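The version check above can be scripted; this PowerShell sketch is an added example, not vendor code or part of the original advisory. The function name Get-LansweeperExposure is hypothetical, and the registry value and version bounds are the ones quoted on this page.

```powershell
# Added example: classify a Lansweeper install against the versions this page lists.
$FixedVersion  = [version]'7.2.100.5'   # patch version stated on this page
$AffectedFloor = [version]'6.0'         # lower bound of the affected range on this page

# Hypothetical helper: maps a version string to a triage verdict.
function Get-LansweeperExposure {
    param([Parameter(Mandatory)][string]$VersionString)

    $parsed = $null
    if (-not [version]::TryParse($VersionString.Trim(), [ref]$parsed)) {
        return 'Unknown: version string could not be parsed'
    }
    if ($parsed -ge $FixedVersion) {
        # A fixed build does not prove the setting is off; check it in the console.
        return 'Fixed release: still confirm Built-in admin is unchecked'
    }
    if ($parsed -ge $AffectedFloor) {
        return 'Affected range: update and disable Built-in admin'
    }
    return 'Below 6.0: outside the range this page lists'
}

try {
    # Registry location as quoted on this page; adjust if your install differs.
    $raw = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Lansweeper' -Name 'Version' -ErrorAction Stop).Version
    Get-LansweeperExposure -VersionString ([string]$raw)
} catch {
    # Missing key, missing value, or empty value all land here.
    'Unknown: HKLM:\SOFTWARE\Lansweeper\Version not readable on this host'
}
```

The script only reports on the version; the 'Built-in admin' setting still has to be confirmed in the web console under Configuration > Security.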

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts to Lansweeper web console
  • Execution of unexpected commands via package deployment features

Network Indicators:

  • Unusual outbound connections from Lansweeper server
  • Traffic to Lansweeper web port from unexpected sources

SIEM Query:

source="Lansweeper" AND ((event="Authentication" AND user="admin") OR (event="PackageDeployment" AND command="*"))
