Intrusion Prevention

Advantech.iView.exportTaskMgrReport.Directory.Traversal

Description

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Advantech iView.
The vulnerability is due to improper validation of user-supplied path before using in exportTaskMgrReport method. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted server. Successful exploitation of this vulnerability could lead to arbitrary code execution on the affected system with privileges of SYSTEM.

Affected Products

Advantech iView prior to 5.7.02.5992

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.advantech.com/support/KnowledgeBaseSRDetail_New.aspx?SR_ID=1-HIPU-181

CVE References

CVE-2020-16245

Other References

ICSA-20-238-01