ID

VAR-201702-0853


CVE

CVE-2016-9351


TITLE

Advantech SUSIAccess Server Directory Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-11830 // CNNVD: CNNVD-201612-012

DESCRIPTION

An issue was discovered in Advantech SUSIAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech SUSIAccess Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UpgradeMgmt servlet upload function. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM.

SUSIAccess is an easy-to-use remote device management software solution. Advantech SUSIAccess Server is a set of Advantech's Platform as a Service (PaaS) products for cloud and Internet of Things (IoT) devices. A directory traversal vulnerability exists in Advantech SUSIAccess Server 3.0 and earlier. An attacker can exploit these issues using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information, to access files outside of the restricted directory, or to obtain sensitive information and perform other attacks.

Trust: 3.69

sources: NVD: CVE-2016-9351 // JVNDB: JVNDB-2016-007631 // ZDI: ZDI-16-630 // CNVD: CNVD-2016-11830 // CNNVD: CNNVD-201612-012 // BID: 94629 // VULHUB: VHN-98171

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11830

AFFECTED PRODUCTS

vendor: advantech | model: susiaccess | scope: lte | version: 3.0

Trust: 1.0

vendor: advantech | model: susiaccess | scope: lte | version: server 3.0

Trust: 0.8

vendor: advantech | model: susiaccess server | scope: - | version: -

Trust: 0.7

vendor: advantech | model: suisaccess server | scope: lte | version: <=3.0

Trust: 0.6

vendor: advantech | model: susiaccess | scope: eq | version: 3.0

Trust: 0.6

vendor: advantech | model: suisaccess server | scope: eq | version: 3.0

Trust: 0.3

sources: ZDI: ZDI-16-630 // CNVD: CNVD-2016-11830 // BID: 94629 // JVNDB: JVNDB-2016-007631 // CNNVD: CNNVD-201612-012 // NVD: CVE-2016-9351

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9351
value: HIGH

Trust: 1.0

NVD: CVE-2016-9351
value: HIGH

Trust: 0.8

ZDI: CVE-2016-9351
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-11830
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201612-012
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98171
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9351
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-9351
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-11830
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98171
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9351
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: ZDI: ZDI-16-630 // CNVD: CNVD-2016-11830 // VULHUB: VHN-98171 // JVNDB: JVNDB-2016-007631 // CNNVD: CNNVD-201612-012 // NVD: CVE-2016-9351

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-98171 // JVNDB: JVNDB-2016-007631 // NVD: CVE-2016-9351

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-012

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201612-012

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007631

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-98171

PATCH

title: SUSIAccess | url: http://www2.advantech.com/industrialCloud/about_what.aspx

Trust: 0.8

title: Advantech has issued an update to correct this vulnerability. | url: https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04

Trust: 0.7

title: Patch for Advantech SUSIAccess Server Directory Traversal Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/84927

Trust: 0.6

sources: ZDI: ZDI-16-630 // CNVD: CNVD-2016-11830 // JVNDB: JVNDB-2016-007631

EXTERNAL IDS

db: NVD | id: CVE-2016-9351

Trust: 4.1

db: ICS CERT | id: ICSA-16-336-04

Trust: 3.4

db: BID | id: 94629

Trust: 2.6

db: EXPLOIT-DB | id: 42402

Trust: 1.1

db: JVNDB | id: JVNDB-2016-007631

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-3876

Trust: 0.7

db: ZDI | id: ZDI-16-630

Trust: 0.7

db: CNNVD | id: CNNVD-201612-012

Trust: 0.7

db: CNVD | id: CNVD-2016-11830

Trust: 0.6

db: VULHUB | id: VHN-98171

Trust: 0.1

sources: ZDI: ZDI-16-630 // CNVD: CNVD-2016-11830 // VULHUB: VHN-98171 // BID: 94629 // JVNDB: JVNDB-2016-007631 // CNNVD: CNNVD-201612-012 // NVD: CVE-2016-9351

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-336-04

Trust: 4.1

url:http://www.securityfocus.com/bid/94629

Trust: 1.7

url:https://www.exploit-db.com/exploits/42402/

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9351

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9351

Trust: 0.8

url:http://webaccess.advantech.com

Trust: 0.3

sources: ZDI: ZDI-16-630 // CNVD: CNVD-2016-11830 // VULHUB: VHN-98171 // BID: 94629 // JVNDB: JVNDB-2016-007631 // CNNVD: CNNVD-201612-012 // NVD: CVE-2016-9351

CREDITS

rgod working with Zero Day Initiative (ZDI).

Trust: 0.9

sources: BID: 94629 // CNNVD: CNNVD-201612-012

SOURCES

db: ZDI | id: ZDI-16-630
db: CNVD | id: CNVD-2016-11830
db: VULHUB | id: VHN-98171
db: BID | id: 94629
db: JVNDB | id: JVNDB-2016-007631
db: CNNVD | id: CNNVD-201612-012
db: NVD | id: CVE-2016-9351

LAST UPDATE DATE

2024-11-23T22:07:38.500000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-16-630 | date: 2016-12-13T00:00:00
db: CNVD | id: CNVD-2016-11830 | date: 2016-12-05T00:00:00
db: VULHUB | id: VHN-98171 | date: 2017-08-12T00:00:00
db: BID | id: 94629 | date: 2016-12-20T02:04:00
db: JVNDB | id: JVNDB-2016-007631 | date: 2017-03-08T00:00:00
db: CNNVD | id: CNNVD-201612-012 | date: 2016-12-02T00:00:00
db: NVD | id: CVE-2016-9351 | date: 2024-11-21T03:01:00.207

SOURCES RELEASE DATE

db: ZDI | id: ZDI-16-630 | date: 2016-12-13T00:00:00
db: CNVD | id: CNVD-2016-11830 | date: 2016-12-05T00:00:00
db: VULHUB | id: VHN-98171 | date: 2017-02-13T00:00:00
db: BID | id: 94629 | date: 2016-12-01T00:00:00
db: JVNDB | id: JVNDB-2016-007631 | date: 2017-03-08T00:00:00
db: CNNVD | id: CNNVD-201612-012 | date: 2016-12-02T00:00:00
db: NVD | id: CVE-2016-9351 | date: 2017-02-13T21:59:01.907