ID

VAR-202004-0053


CVE

CVE-2020-10631


TITLE

WebAccess/NMS Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003797

DESCRIPTION

An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. WebAccess/NMS Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the download.jsp endpoint. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM or to create a denial-of-service condition on the system. Advantech WebAccess/NMS is a set of Web browser-based Network Management System (NMS) software package developed by China Taiwan Advantech Corporation. There is a path traversal vulnerability in versions prior to Advantech WebAccess/NMS 3.0.2

Trust: 2.34

sources: NVD: CVE-2020-10631 // JVNDB: JVNDB-2020-003797 // ZDI: ZDI-20-384 // VULHUB: VHN-163129

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess\/nmsscope:ltversion:3.0.2

Trust: 1.0

vendor:advantechmodel:webaccess/nmsscope:eqversion:3.0.2

Trust: 0.8

vendor:advantechmodel:webaccess/nmsscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-384 // JVNDB: JVNDB-2020-003797 // NVD: CVE-2020-10631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-10631
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003797
value: CRITICAL

Trust: 0.8

ZDI: CVE-2020-10631
value: CRITICAL

Trust: 0.7

CNNVD: CNNVD-202004-400
value: CRITICAL

Trust: 0.6

VULHUB: VHN-163129
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10631
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003797
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-163129
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-10631
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003797
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-10631
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-384 // VULHUB: VHN-163129 // JVNDB: JVNDB-2020-003797 // CNNVD: CNNVD-202004-400 // NVD: CVE-2020-10631

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-23

Trust: 1.0

sources: VULHUB: VHN-163129 // JVNDB: JVNDB-2020-003797 // NVD: CVE-2020-10631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-400

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202004-400

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003797

PATCH

title:Top Pageurl:https://www.advantech.com/

Trust: 0.8

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 0.7

title:Advantech WebAccess/NMS Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113480

Trust: 0.6

sources: ZDI: ZDI-20-384 // JVNDB: JVNDB-2020-003797 // CNNVD: CNNVD-202004-400

EXTERNAL IDS

db:NVDid:CVE-2020-10631

Trust: 3.2

db:ICS CERTid:ICSA-20-098-01

Trust: 2.5

db:ZDIid:ZDI-20-384

Trust: 1.3

db:JVNDBid:JVNDB-2020-003797

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-9577

Trust: 0.7

db:CNNVDid:CNNVD-202004-400

Trust: 0.7

db:AUSCERTid:ESB-2020.1251

Trust: 0.6

db:NSFOCUSid:46345

Trust: 0.6

db:CNVDid:CNVD-2020-22313

Trust: 0.1

db:VULHUBid:VHN-163129

Trust: 0.1

sources: ZDI: ZDI-20-384 // VULHUB: VHN-163129 // JVNDB: JVNDB-2020-003797 // CNNVD: CNNVD-202004-400 // NVD: CVE-2020-10631

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 3.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10631

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10631

Trust: 0.8

url:http://www.nsfocus.net/vulndb/46345

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-384/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1251/

Trust: 0.6

sources: ZDI: ZDI-20-384 // VULHUB: VHN-163129 // JVNDB: JVNDB-2020-003797 // CNNVD: CNNVD-202004-400 // NVD: CVE-2020-10631

CREDITS

rgod of 9sg

Trust: 0.7

sources: ZDI: ZDI-20-384

SOURCES

db:ZDIid:ZDI-20-384
db:VULHUBid:VHN-163129
db:JVNDBid:JVNDB-2020-003797
db:CNNVDid:CNNVD-202004-400
db:NVDid:CVE-2020-10631

LAST UPDATE DATE

2024-11-23T21:59:22.124000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-384date:2020-04-08T00:00:00
db:VULHUBid:VHN-163129date:2020-04-10T00:00:00
db:JVNDBid:JVNDB-2020-003797date:2020-04-24T00:00:00
db:CNNVDid:CNNVD-202004-400date:2020-04-14T00:00:00
db:NVDid:CVE-2020-10631date:2024-11-21T04:55:44.147

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-384date:2020-04-08T00:00:00
db:VULHUBid:VHN-163129date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003797date:2020-04-24T00:00:00
db:CNNVDid:CNNVD-202004-400date:2020-04-07T00:00:00
db:NVDid:CVE-2020-10631date:2020-04-09T14:15:12.823