Advantech WebAccess NMS Save Background Action Directory Traversal

Strike ID: E20-9se31
CVSS: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
False Positive: f
Variants: 1
Year: 2020

Description

An arbitrary file overwrite vulnerability has been identified in Advantech WebAccess NMS. The vulnerability is caused by a lack of proper input sanitisation of file paths within the saveBackground servlet. It can be exploited by sending a specially crafted request, allowing the attacker to delete arbitrary files.

CVE

References

Metasploit

Zdi