[CVE-2019-12375] LANDesk Management Server - Open Directories

Open directories in LDMS Service Update 5 may lead to information disclosure and arbitrary code execution

May 25, 2019

By design, multiple directories on the LDMS core server are wide-open and globally readable via HTTP. For example, see the following web locations available on an LDMS core server:

  • https://<coreserver>/ldlogon
  • https://<coreserver>/upl
  • https://<coreserver/landesk

While this is by design, it is a major architectural oversight. This design played an instrumental role in the discovery of many of these vulnerabilities, and allows for information disclosure and arbitrary code execution when paired with other discovered vulnerabilities.

The vendor has been notified of this issue, and has confirmed that LDMS version SU 5 is no longer supported. Thus, this vulnerability will not be patched.

Return to blog