CVE-2022-21234

8.8 HIGH

📋 TL;DR

This SQL injection vulnerability in Lansweeper's EchoAssets.aspx allows authenticated attackers to execute arbitrary SQL commands on the database. It affects Lansweeper 9.1.20.2 installations, potentially compromising sensitive asset data and system integrity.

💻 Affected Systems

Products:
  • Lansweeper
Versions: 9.1.20.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web interface. All default installations of the affected version are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, privilege escalation, and potential remote code execution on the underlying server.

🟠 Likely Case: Unauthorized access to sensitive asset information, configuration data, and potential lateral movement within the network.

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting damage to non-critical data.

🌐 Internet-Facing: MEDIUM - Requires authentication, but could be exploited if the web interface is exposed to the internet.
🏢 Internal Only: HIGH - Internal attackers with valid credentials can exploit this to gain elevated database access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized. Requires authenticated access but exploitation is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.1.20.3 or later

Vendor Advisory: https://www.lansweeper.com/changelog/

Restart Required: Yes

Instructions:

1. Download the latest Lansweeper version from the vendor website.
2. Back up the current installation and database.
3. Run the installer to upgrade to the patched version.
4. Restart the Lansweeper services.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement a web application firewall or input validation to block SQL injection patterns.

Access Restriction (platform: windows)

Restrict access to the EchoAssets.aspx endpoint to only the users who need it.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Lansweeper server
  • Enforce principle of least privilege for database accounts used by Lansweeper

🔍 How to Verify

Check if Vulnerable:

Check Lansweeper version in web interface or installation directory. Version 9.1.20.2 is vulnerable.

Check Version:

Check Help > About in Lansweeper web interface or examine Lansweeper installation files

Verify Fix Applied:

Verify that the version is 9.1.20.3 or later. Test the EchoAssets.aspx endpoint with SQL injection test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by successful login
  • Access to EchoAssets.aspx with suspicious parameters

Network Indicators:

  • HTTP POST requests to EchoAssets.aspx containing SQL keywords
  • Unusual database connection patterns from Lansweeper server

SIEM Query:

source="web_logs" AND uri="/EchoAssets.aspx" AND (param CONTAINS "UNION" OR param CONTAINS "SELECT" OR param CONTAINS "INSERT")
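The SIEM query above matches raw keywords, so it misses percent-encoded or lowercase variants and fires on words like "selection". The following is an added example, not part of this advisory or of Lansweeper, that applies the same rule to constructed web-server access log lines after URL-decoding the query string, matching case-insensitively on whole words, and ignoring other URIs. It only covers query-string parameters; the POST bodies mentioned under Network Indicators are not in access logs and need a WAF or application log instead.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlparse

# Constructed sample access log lines (common log format); not real Lansweeper logs.
SAMPLE_LOGS = [
    '10.0.0.5 - alice [12/Jan/2022:10:00:01 +0000] "GET /EchoAssets.aspx?assetid=1042 HTTP/1.1" 200 512',
    '10.0.0.7 - bob [12/Jan/2022:10:00:09 +0000] "GET /EchoAssets.aspx?assetid=1%20UNION%20SELECT HTTP/1.1" 200 2048',
    '10.0.0.7 - bob [12/Jan/2022:10:00:15 +0000] "POST /EchoAssets.aspx?assetid=1%27+union+select HTTP/1.1" 500 128',
    '10.0.0.9 - carol [12/Jan/2022:10:01:00 +0000] "GET /Dashboard.aspx?view=select HTTP/1.1" 200 4096',
    '10.0.0.9 - carol [12/Jan/2022:10:01:04 +0000] "GET /EchoAssets.aspx?filter=selection HTTP/1.1" 200 300',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Same keyword set as the SIEM query, but whole-word and case-insensitive.
SQL_KEYWORDS = re.compile(r'\b(UNION|SELECT|INSERT)\b', re.IGNORECASE)
TARGET_PATH = '/echoassets.aspx'


def suspicious_params(target):
    """Return (name, decoded value) pairs of query parameters that carry a SQL keyword.

    Only the EchoAssets.aspx path is inspected; other URIs return an empty list.
    """
    parsed = urlparse(target)
    if parsed.path.lower() != TARGET_PATH:
        return []
    hits = []
    # parse_qsl percent-decodes and turns '+' into spaces; decode once more so a
    # double-encoded value cannot hide a keyword from the regex.
    for name, value in parse_qsl(parsed.query, keep_blank_values=True):
        decoded = unquote_plus(value)
        if SQL_KEYWORDS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_logs(lines):
    """Parse each access log line and return one alert dict per suspicious request."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a production scanner would count these
        hits = suspicious_params(m['target'])
        if hits:
            alerts.append({'ip': m['ip'], 'user': m['user'], 'method': m['method'],
                           'status': m['status'], 'params': hits})
    return alerts


if __name__ == '__main__':
    for alert in scan_logs(SAMPLE_LOGS):
        print(alert)
```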
