Improper Privilege Management in Advantech WebAccess by Advantech
CVE-2018-14828

7.8HIGH

Key Information:

Vendor

Advantech
Status
Advantech Webaccess
Vendor
CVE Published:
23 October 2018

What is CVE-2018-14828?

The Advantech WebAccess software version 8.3.1 and earlier is susceptible to an improper privilege management vulnerability. This issue can potentially allow attackers to gain unauthorized access to critical files and execute actions at a system administrator-level, which could compromise the integrity and security of the system. It is crucial for organizations using these versions to apply necessary security patches and conduct thorough vulnerability assessments to safeguard against potential exploitation.

Affected Version(s)

Advantech WebAccess WebAccess Versions 8.3.1 and prior

References

http://www.securitytracker.com/id/1041939
vdb-entryx_refsource_SECTRACK
https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C
x_refsource_MISC
http://www.securityfocus.com/bid/105728
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.