Landesk management suite 9 crackles
4/27/2023

Exploit Title: Landesk Management Suite RFI and CSRF vulnerabilities
Vulnerable Versions: 9.5 (and possible previous versions), 9.6
CVE Reference: CVE-2014-5361, CVE-2014-5362
Vulnerability Type: Cross-site request forgery, Remote File Inclusion

"Manage all your users multi-platform desktops and mobile devices.
Into a single management experience that speeds software distribution, ensures software license compliance,
Simplifies OS provisioning, saves power costs, provides secure remote control, and manages Mac OS X."

The admin interface of Landesk Management Suite can be exploited by Remote File Inclusion (RFI) and Cross-site Request forgery (CSRF) attacks.

Certain functionalities of landesk are vulnerable to cross-site request forgeries, which can be used to force users to, among other things,
Manipulate windows services and processes on host machines.

Proof of concept for CSRF:

document.getElementById("csrfForm1").submit()
document.getElementById("csrfForm2").submit()

There are numerous URLs within the landesk management suite that can be used to call upon remote files due to the use of relative paths. This can be leveraged to introduce remote file inclusion vulnerabilities as you can present external content through the landesk server.

aspx but the extension is not referenced explicitly in the URL.

Final request for update and notice of public disclosure given.

CPE Name (Version 2.2): cpe:/a:landesk:landeskmanagementsuite:9.6
Part: a
Vendor: landesk
Product: landeskmanagementsuite
Version: 9.6