Directory Traversal in Advantech WebAccess Allows Remote File Manipulation
CVE-2018-15705

6.5MEDIUM

Key Information:

Vendor: Advantech
Status: Advantech Webaccess
Vendor: CVE Published:; 31 October 2018

Summary

The WADashboard API in Advantech WebAccess versions 8.3.1 and 8.3.2 is susceptible to a directory traversal vulnerability within the writeFile API. This flaw permits remote authenticated attackers to write or overwrite files on the filesystem, which can ultimately lead to the execution of arbitrary code. Proper security measures and patches are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Advantech WebAccess 8.3.1 and 8.3.2

References

https://www.exploit-db.com/exploits/45774/

exploitx_refsource_EXPLOIT-DB

https://www.tenable.com/security/research/tra-2018-35

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2018
Vulnerability Reserved
Aug 22, 2018