Intrusion Prevention

Advantech.WebAccess.NMS.download.jsp.Arbitrary.Path.Traversal

Description

This indicates an attack attempt to exploit a Path Traversal Vulnerability in Advantech WebAccess/NMS.
The vulnerability is due to insufficient input validation on file paths while processing the calls to download.jsp endpoint.
A remote, unauthenticated attacker can exploit this vulnerability by submitting a crafted request to the target server. Successful exploitation could delete or read arbitrary files on the target server under the security context of the SYSTEM.

Affected Products

Advantech WebAccess/NMS prior to 3.0.2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

CVE References

CVE-2020-10631

Other References

ICSA-20-098-01