Skip to main content

Webaccess CVE-2017-7929

HIGH
Absolute Path Traversal (CWE-36)
2017-05-06 ics-cert@hq.dhs.gov
7.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 06, 2017 - 00:29 cve.org
HIGH 7.1

DescriptionCVE.org

An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.

AnalysisAI

An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-36. An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. Affected products include: Advantech Webaccess. Version information: Version 8.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-0854 CRITICAL POC
9.8 Jan 15

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess

CVE-2016-0856 CRITICAL
9.8 Jan 15

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code

CVE-2014-9208 CRITICAL POC
10.0 Sep 11

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attacker

CVE-2017-14016 MEDIUM POC
6.3 Nov 06

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated medium

CVE-2016-5810 MEDIUM POC
4.9 May 02

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive

CVE-2019-3951 CRITICAL POC
9.8 Dec 12

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of

CVE-2019-3975 CRITICAL POC
9.8 Sep 10

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3954 CRITICAL POC
9.8 Jun 19

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3953 CRITICAL POC
9.8 Jun 18

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2018-6911 CRITICAL POC
9.8 Feb 13

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS

CVE-2018-15704 HIGH POC
8.8 Oct 22

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. Rated high severity (CVSS 8.

CVE-2019-3941 HIGH POC
7.5 Apr 09

Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Rated

Share

CVE-2017-7929 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy