Vulnerability Details CVE-2017-13706
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v3 Score 9.9
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html
- http://seclists.org/fulldisclosure/2017/Oct/14
- https://www.lansweeper.com/changelog.aspx
- http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html
- http://seclists.org/fulldisclosure/2017/Oct/14
- https://www.lansweeper.com/changelog.aspx
Products affected by CVE-2017-13706
-
cpe:2.3:a:lansweeper:lansweeper:3.5
-
cpe:2.3:a:lansweeper:lansweeper:3.5.1
-
cpe:2.3:a:lansweeper:lansweeper:3.5.2
-
cpe:2.3:a:lansweeper:lansweeper:4.0
-
cpe:2.3:a:lansweeper:lansweeper:4.0.0.106
-
cpe:2.3:a:lansweeper:lansweeper:4.0.0.24
-
cpe:2.3:a:lansweeper:lansweeper:4.0.0.27
-
cpe:2.3:a:lansweeper:lansweeper:4.0.0.36
-
cpe:2.3:a:lansweeper:lansweeper:4.0.0.37
-
cpe:2.3:a:lansweeper:lansweeper:4.0.0.40
-
cpe:2.3:a:lansweeper:lansweeper:4.0.0.41
-
cpe:2.3:a:lansweeper:lansweeper:4.0.0.42
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.11
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.113
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.117
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.12
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.121
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.127
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.14
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.16
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.18
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.21
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.27
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.29
-
cpe:2.3:a:lansweeper:lansweeper:4.1.0.35
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.52
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.54
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.60
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.63
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.68
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.70
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.77
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.82
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.86
-
cpe:2.3:a:lansweeper:lansweeper:4.2.0.90
-
cpe:2.3:a:lansweeper:lansweeper:5.0
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.27
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.44
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.48
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.49
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.52
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.60
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.69
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.76
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.77
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.78
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.79
-
cpe:2.3:a:lansweeper:lansweeper:5.0.0.81
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.28
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.29
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.31
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.45
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.49
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.50
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.53
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.54
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.55
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.59
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.60
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.61
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.62
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.63
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.64
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.65
-
cpe:2.3:a:lansweeper:lansweeper:5.1.0.66
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.15
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.17
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.22
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.24
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.27
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.30
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.31
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.33
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.41
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.42
-
cpe:2.3:a:lansweeper:lansweeper:5.2.0.43
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.12
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.13
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.15
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.17
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.21
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.22
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.24
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.25
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.28
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.30
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.31
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.32
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.33
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.34
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.5
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.6
-
cpe:2.3:a:lansweeper:lansweeper:5.3.0.8
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.19
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.22
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.42
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.45
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.48
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.51
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.63
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.64
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.65
-
cpe:2.3:a:lansweeper:lansweeper:6.0.0.6517
-
cpe:2.3:a:lansweeper:lansweeper:6.0.100.12
-
cpe:2.3:a:lansweeper:lansweeper:6.0.100.21
-
cpe:2.3:a:lansweeper:lansweeper:6.0.100.29