Path Traversal Vulnerability in Advantech WebAccess Products
CVE-2018-14806

9.8CRITICAL

Key Information:

Vendor
Advantech
Status
Advantech Webaccess
Vendor
CVE Published:
23 October 2018

Summary

Advantech WebAccess versions 8.3.1 and earlier are susceptible to a path traversal vulnerability. This security flaw could enable an unauthorized attacker to manipulate file paths, leading to the potential execution of arbitrary code on the affected system. Organizations using these versions should evaluate their risk exposure and consider implementing appropriate security measures to mitigate any potential exploitation.

Affected Version(s)

Advantech WebAccess WebAccess Versions 8.3.1 and prior

References

http://www.securitytracker.com/id/1041939
vdb-entryx_refsource_SECTRACK
https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C
x_refsource_MISC
http://www.securityfocus.com/bid/105728
vdb-entryx_refsource_BID

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.