ID

VAR-202004-0079


CVE

CVE-2020-10621


TITLE

Advantech WebAccess/NMS extProgramAction Unrestricted File Upload Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-20-387 // ZDI: ZDI-20-386

DESCRIPTION

Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). WebAccess/NMS Exists in a vulnerability related to unlimited upload of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the saveBackground.action endpoint. When parsing the filename element, the process does not properly validate user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Advantech WebAccess/NMS is a set of Web browser-based Network Management System (NMS) software package developed by China Taiwan Advantech Corporation. A code issue vulnerability exists in versions prior to Advantech WebAccess/NMS 3.0.2

Trust: 8.64

sources: NVD: CVE-2020-10621 // JVNDB: JVNDB-2020-003816 // ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // VULHUB: VHN-163118

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess/nmsscope: - version: -

Trust: 7.7

vendor:advantechmodel:webaccess\/nmsscope:ltversion:3.0.2

Trust: 1.0

vendor:advantechmodel:webaccess/nmsscope:eqversion:3.0.2

Trust: 0.8

sources: ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // JVNDB: JVNDB-2020-003816 // NVD: CVE-2020-10621

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-10621
value: CRITICAL

Trust: 7.7

nvd@nist.gov: CVE-2020-10621
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-003816
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202004-403
value: CRITICAL

Trust: 0.6

VULHUB: VHN-163118
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-10621
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003816
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-163118
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2020-10621
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 7.7

nvd@nist.gov: CVE-2020-10621
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003816
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // VULHUB: VHN-163118 // JVNDB: JVNDB-2020-003816 // CNNVD: CNNVD-202004-403 // NVD: CVE-2020-10621

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-163118 // JVNDB: JVNDB-2020-003816 // NVD: CVE-2020-10621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-403

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202004-403

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003816

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 7.7

title:Advantech WebAccessurl:https://www.advantech.co.jp/industrial-automation/webaccess

Trust: 0.8

title:Advantech WebAccess/NMS Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115619

Trust: 0.6

sources: ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // JVNDB: JVNDB-2020-003816 // CNNVD: CNNVD-202004-403

EXTERNAL IDS

db:NVDid:CVE-2020-10621

Trust: 10.2

db:ICS CERTid:ICSA-20-098-01

Trust: 2.5

db:ZDIid:ZDI-20-406

Trust: 1.3

db:JVNDBid:JVNDB-2020-003816

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-9578

Trust: 0.7

db:ZDIid:ZDI-20-385

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9580

Trust: 0.7

db:ZDIid:ZDI-20-387

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9582

Trust: 0.7

db:ZDIid:ZDI-20-389

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9579

Trust: 0.7

db:ZDIid:ZDI-20-386

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9692

Trust: 0.7

db:ZDIid:ZDI-20-405

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9693

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9576

Trust: 0.7

db:ZDIid:ZDI-20-383

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9566

Trust: 0.7

db:ZDIid:ZDI-20-373

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9602

Trust: 0.7

db:ZDIid:ZDI-20-397

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9614

Trust: 0.7

db:ZDIid:ZDI-20-400

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9627

Trust: 0.7

db:ZDIid:ZDI-20-402

Trust: 0.7

db:CNNVDid:CNNVD-202004-403

Trust: 0.7

db:NSFOCUSid:46347

Trust: 0.6

db:AUSCERTid:ESB-2020.1251

Trust: 0.6

db:CNVDid:CNVD-2020-22317

Trust: 0.1

db:VULHUBid:VHN-163118

Trust: 0.1

sources: ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // VULHUB: VHN-163118 // JVNDB: JVNDB-2020-003816 // CNNVD: CNNVD-202004-403 // NVD: CVE-2020-10621

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 10.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-10621

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10621

Trust: 0.8

url:https://www.zerodayinitiative.com/advisories/zdi-20-406/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/46347

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1251/

Trust: 0.6

sources: ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402 // VULHUB: VHN-163118 // JVNDB: JVNDB-2020-003816 // CNNVD: CNNVD-202004-403 // NVD: CVE-2020-10621

CREDITS

rgod of 9sg

Trust: 7.7

sources: ZDI: ZDI-20-385 // ZDI: ZDI-20-387 // ZDI: ZDI-20-389 // ZDI: ZDI-20-386 // ZDI: ZDI-20-405 // ZDI: ZDI-20-406 // ZDI: ZDI-20-383 // ZDI: ZDI-20-373 // ZDI: ZDI-20-397 // ZDI: ZDI-20-400 // ZDI: ZDI-20-402

SOURCES

db:ZDIid:ZDI-20-385
db:ZDIid:ZDI-20-387
db:ZDIid:ZDI-20-389
db:ZDIid:ZDI-20-386
db:ZDIid:ZDI-20-405
db:ZDIid:ZDI-20-406
db:ZDIid:ZDI-20-383
db:ZDIid:ZDI-20-373
db:ZDIid:ZDI-20-397
db:ZDIid:ZDI-20-400
db:ZDIid:ZDI-20-402
db:VULHUBid:VHN-163118
db:JVNDBid:JVNDB-2020-003816
db:CNNVDid:CNNVD-202004-403
db:NVDid:CVE-2020-10621

LAST UPDATE DATE

2024-11-23T21:59:22.414000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-385date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-387date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-389date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-386date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-405date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-406date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-383date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-373date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-397date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-400date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-402date:2020-04-08T00:00:00
db:VULHUBid:VHN-163118date:2020-04-10T00:00:00
db:JVNDBid:JVNDB-2020-003816date:2020-04-24T00:00:00
db:CNNVDid:CNNVD-202004-403date:2020-04-14T00:00:00
db:NVDid:CVE-2020-10621date:2024-11-21T04:55:42.923

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-385date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-387date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-389date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-386date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-405date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-406date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-383date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-373date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-397date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-400date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-402date:2020-04-08T00:00:00
db:VULHUBid:VHN-163118date:2020-04-09T00:00:00
db:JVNDBid:JVNDB-2020-003816date:2020-04-24T00:00:00
db:CNNVDid:CNNVD-202004-403date:2020-04-07T00:00:00
db:NVDid:CVE-2020-10621date:2020-04-09T13:15:12.623