ID

VAR-202004-0053


CVE

CVE-2020-10631


TITLE

Path Traversal Vulnerability in WebAccess/NMS

Trust: 0.8

sources: JVNDB: JVNDB-2020-003797

DESCRIPTION

An attacker could use a specially crafted URL to delete or read files outside the control of WebAccess/NMS (versions prior to 3.0.2). WebAccess/NMS contains a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the download.jsp endpoint. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM or to create a denial-of-service condition on the system. Advantech WebAccess/NMS is a web browser-based Network Management System (NMS) software package developed by Advantech Corporation of Taiwan, China. Versions of Advantech WebAccess/NMS prior to 3.0.2 contain a path traversal vulnerability.

Trust: 2.34

sources: NVD: CVE-2020-10631 // JVNDB: JVNDB-2020-003797 // ZDI: ZDI-20-384 // VULHUB: VHN-163129

AFFECTED PRODUCTS

vendor: advantech, model: webaccess/nms, scope: lt, version: 3.0.2

Trust: 1.0

vendor: advantech, model: webaccess/nms, scope: eq, version: 3.0.2

Trust: 0.8

vendor: advantech, model: webaccess/nms, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-20-384 // JVNDB: JVNDB-2020-003797 // NVD: CVE-2020-10631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10631
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003797
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-10631
value: CRITICAL

Trust: 0.7

CNNVD: CNNVD-202004-400
value: CRITICAL

Trust: 0.6

VULHUB: VHN-163129
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10631
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003797
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-163129
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-10631
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003797
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-10631
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-384 // VULHUB: VHN-163129 // JVNDB: JVNDB-2020-003797 // CNNVD: CNNVD-202004-400 // NVD: CVE-2020-10631

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

problemtype: CWE-23

Trust: 1.0

sources: VULHUB: VHN-163129 // JVNDB: JVNDB-2020-003797 // NVD: CVE-2020-10631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-400

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202004-400

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003797

PATCH

title: Top Page, url: https://www.advantech.com/

Trust: 0.8

title: Advantech has issued an update to correct this vulnerability., url: https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 0.7

title: Advantech WebAccess/NMS Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113480

Trust: 0.6

sources: ZDI: ZDI-20-384 // JVNDB: JVNDB-2020-003797 // CNNVD: CNNVD-202004-400

EXTERNAL IDS

db: NVD, id: CVE-2020-10631

Trust: 3.2

db: ICS CERT, id: ICSA-20-098-01

Trust: 2.5

db: ZDI, id: ZDI-20-384

Trust: 1.3

db: JVNDB, id: JVNDB-2020-003797

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-9577

Trust: 0.7

db: CNNVD, id: CNNVD-202004-400

Trust: 0.7

db: AUSCERT, id: ESB-2020.1251

Trust: 0.6

db: NSFOCUS, id: 46345

Trust: 0.6

db: CNVD, id: CNVD-2020-22313

Trust: 0.1

db: VULHUB, id: VHN-163129

Trust: 0.1

sources: ZDI: ZDI-20-384 // VULHUB: VHN-163129 // JVNDB: JVNDB-2020-003797 // CNNVD: CNNVD-202004-400 // NVD: CVE-2020-10631

REFERENCES

url: https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 3.2

url: https://nvd.nist.gov/vuln/detail/cve-2020-10631

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10631

Trust: 0.8

url: http://www.nsfocus.net/vulndb/46345

Trust: 0.6

url: https://www.zerodayinitiative.com/advisories/zdi-20-384/

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.1251/

Trust: 0.6

sources: ZDI: ZDI-20-384 // VULHUB: VHN-163129 // JVNDB: JVNDB-2020-003797 // CNNVD: CNNVD-202004-400 // NVD: CVE-2020-10631

CREDITS

rgod of 9sg

Trust: 0.7

sources: ZDI: ZDI-20-384

SOURCES

db: ZDI, id: ZDI-20-384
db: VULHUB, id: VHN-163129
db: JVNDB, id: JVNDB-2020-003797
db: CNNVD, id: CNNVD-202004-400
db: NVD, id: CVE-2020-10631

LAST UPDATE DATE

2024-08-14T14:11:51.591000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-384, date: 2020-04-08T00:00:00
db: VULHUB, id: VHN-163129, date: 2020-04-10T00:00:00
db: JVNDB, id: JVNDB-2020-003797, date: 2020-04-24T00:00:00
db: CNNVD, id: CNNVD-202004-400, date: 2020-04-14T00:00:00
db: NVD, id: CVE-2020-10631, date: 2020-04-10T14:36:44.207

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-384, date: 2020-04-08T00:00:00
db: VULHUB, id: VHN-163129, date: 2020-04-09T00:00:00
db: JVNDB, id: JVNDB-2020-003797, date: 2020-04-24T00:00:00
db: CNNVD, id: CNNVD-202004-400, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2020-10631, date: 2020-04-09T14:15:12.823