Sign-up

ID

VAR-202004-0079


CVE

CVE-2020-10621


TITLE

Advantech WebAccess/NMS extProgramAction Unrestricted File Upload Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-20-387 // ZDI: ZDI-20-386

DESCRIPTION

Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). WebAccess/NMS Exists in a vulnerability related to unlimited upload of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the saveBackground.action endpoint. When parsing the filename element, the process does not properly validate user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech WebAccess/NMS is a set of Web browser-based Network Management System (NMS) software package developed by China Taiwan Advantech Corporation. A code issue vulnerability exists in versions prior to Advantech WebAccess/NMS 3.0.2

Trust: 8.64

sources: NVD: CVE-2020-10621 // JVNDB: JVNDB-2020-003816 // ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // VULHUB: VHN-163118

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess/nmsscope: - version: -

Trust: 7.7

vendor:advantechmodel:webaccess\/nmsscope:ltversion:3.0.2

Trust: 1.0

vendor:advantechmodel:webaccess/nmsscope:eqversion:3.0.2

Trust: 0.8

sources: ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // JVNDB: JVNDB-2020-003816 // NVD: CVE-2020-10621

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-10621
value: CRITICAL

Trust: 7.7

nvd@nist.gov: CVE-2020-10621
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003816
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-403
value: CRITICAL

Trust: 0.6

VULHUB: VHN-163118
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10621
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003816
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-163118
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-10621
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 7.7

nvd@nist.gov: CVE-2020-10621
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003816
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // VULHUB: VHN-163118 // JVNDB: JVNDB-2020-003816 // CNNVD: CNNVD-202004-403 // NVD: CVE-2020-10621

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-163118 // JVNDB: JVNDB-2020-003816 // NVD: CVE-2020-10621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-403

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202004-403

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003816

PATCH
title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01
Trust: 7.7
title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess
Trust: 0.8
title:Advantech WebAccess/NMS Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115619
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-385 // 
            
            
            
            ZDI: ZDI-20-387 // 
            
            
            
            ZDI: ZDI-20-389 // 
            
            
            
            ZDI: ZDI-20-386 // 
            
            
            
            ZDI: ZDI-20-405 // 
            
            
            
            ZDI: ZDI-20-406 // 
            
            
            
            ZDI: ZDI-20-383 // 
            
            
            
            ZDI: ZDI-20-373 // 
            
            
            
            ZDI: ZDI-20-397 // 
            
            
            
            ZDI: ZDI-20-400 // 
            
            
            
            ZDI: ZDI-20-402 // 
            
            
            
            JVNDB: JVNDB-2020-003816 // 
            
            
            
            CNNVD: CNNVD-202004-403

EXTERNAL IDS
db:NVDid:CVE-2020-10621
Trust: 10.2
db:ICS CERTid:ICSA-20-098-01
Trust: 2.5
db:ZDIid:ZDI-20-406
Trust: 1.3
db:JVNDBid:JVNDB-2020-003816
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-9578
Trust: 0.7
db:ZDIid:ZDI-20-385
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9580
Trust: 0.7
db:ZDIid:ZDI-20-387
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9582
Trust: 0.7
db:ZDIid:ZDI-20-389
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9579
Trust: 0.7
db:ZDIid:ZDI-20-386
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9692
Trust: 0.7
db:ZDIid:ZDI-20-405
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9693
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9576
Trust: 0.7
db:ZDIid:ZDI-20-383
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9566
Trust: 0.7
db:ZDIid:ZDI-20-373
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9602
Trust: 0.7
db:ZDIid:ZDI-20-397
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9614
Trust: 0.7
db:ZDIid:ZDI-20-400
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-9627
Trust: 0.7
db:ZDIid:ZDI-20-402
Trust: 0.7
db:CNNVDid:CNNVD-202004-403
Trust: 0.7
db:NSFOCUSid:46347
Trust: 0.6
db:AUSCERTid:ESB-2020.1251
Trust: 0.6
db:CNVDid:CNVD-2020-22317
Trust: 0.1
db:VULHUBid:VHN-163118
Trust: 0.1
sources:
            
            
            ZDI: ZDI-20-385 // 
            
            
            
            ZDI: ZDI-20-387 // 
            
            
            
            ZDI: ZDI-20-389 // 
            
            
            
            ZDI: ZDI-20-386 // 
            
            
            
            ZDI: ZDI-20-405 // 
            
            
            
            ZDI: ZDI-20-406 // 
            
            
            
            ZDI: ZDI-20-383 // 
            
            
            
            ZDI: ZDI-20-373 // 
            
            
            
            ZDI: ZDI-20-397 // 
            
            
            
            ZDI: ZDI-20-400 // 
            
            
            
            ZDI: ZDI-20-402 // 
            
            
            
            VULHUB: VHN-163118 // 
            
            
            
            JVNDB: JVNDB-2020-003816 // 
            
            
            
            CNNVD: CNNVD-202004-403 // 
            
            
            
            NVD: CVE-2020-10621

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01
Trust: 10.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-10621
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10621
Trust: 0.8
url:https://www.zerodayinitiative.com/advisories/zdi-20-406/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/46347
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.1251/
Trust: 0.6
sources:
            
            
            ZDI: ZDI-20-385 // 
            
            
            
            ZDI: ZDI-20-387 // 
            
            
            
            ZDI: ZDI-20-389 // 
            
            
            
            ZDI: ZDI-20-386 // 
            
            
            
            ZDI: ZDI-20-405 // 
            
            
            
            ZDI: ZDI-20-406 // 
            
            
            
            ZDI: ZDI-20-383 // 
            
            
            
            ZDI: ZDI-20-373 // 
            
            
            
            ZDI: ZDI-20-397 // 
            
            
            
            ZDI: ZDI-20-400 // 
            
            
            
            ZDI: ZDI-20-402 // 
            
            
            
            VULHUB: VHN-163118 // 
            
            
            
            JVNDB: JVNDB-2020-003816 // 
            
            
            
            CNNVD: CNNVD-202004-403 // 
            
            
            
            NVD: CVE-2020-10621

CREDITS
rgod of 9sg
Trust: 7.7
sources:
            
            
            ZDI: ZDI-20-385 // 
            
            
            
            ZDI: ZDI-20-387 // 
            
            
            
            ZDI: ZDI-20-389 // 
            
            
            
            ZDI: ZDI-20-386 // 
            
            
            
            ZDI: ZDI-20-405 // 
            
            
            
            ZDI: ZDI-20-406 // 
            
            
            
            ZDI: ZDI-20-383 // 
            
            
            
            ZDI: ZDI-20-373 // 
            
            
            
            ZDI: ZDI-20-397 // 
            
            
            
            ZDI: ZDI-20-400 // 
            
            
            
            ZDI: ZDI-20-402

SOURCES
db:ZDIid:ZDI-20-385
db:ZDIid:ZDI-20-387
db:ZDIid:ZDI-20-389
db:ZDIid:ZDI-20-386
db:ZDIid:ZDI-20-405
db:ZDIid:ZDI-20-406
db:ZDIid:ZDI-20-383
db:ZDIid:ZDI-20-373
db:ZDIid:ZDI-20-397
db:ZDIid:ZDI-20-400
db:ZDIid:ZDI-20-402
db:VULHUBid:VHN-163118
db:JVNDBid:JVNDB-2020-003816
db:CNNVDid:CNNVD-202004-403
db:NVDid:CVE-2020-10621

LAST UPDATE DATE
2024-08-14T14:11:51.630000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-20-385date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-387date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-389date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-386date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-405date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-406date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-383date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-373date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-397date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-400date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-402date:2020-04-08T00:00:00
db:VULHUBid:VHN-163118date:2020-04-10T00:00:00
db:JVNDBid:JVNDB-2020-003816date:2020-04-24T00:00:00
db:CNNVDid:CNNVD-202004-403date:2020-04-14T00:00:00
db:NVDid:CVE-2020-10621date:2020-04-10T15:21:37.273

SOURCES RELEASE DATE
db:ZDIid:ZDI-20-385date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-387date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-389date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-386date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-405date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-406date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-383date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-373date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-397date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-400date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-402date:2020-04-08T00:00:00
db:VULHUBid:VHN-163118date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003816date:2020-04-24T00:00:00
db:CNNVDid:CNNVD-202004-403date:2020-04-07T00:00:00
db:NVDid:CVE-2020-10621date:2020-04-09T13:15:12.623