ID
VAR-202007-0401
CVE
CVE-2020-14507
TITLE
Advantech iView path traversal vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2020-54158 //
CNNVD: CNNVD-202007-965
DESCRIPTION
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. Advantech iView Is vulnerable to past traversal.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose files in the context of SYSTEM. Advantech iView is a device management application provided by Advantech
Trust: 4.77
sources:
NVD: CVE-2020-14507 //
JVNDB: JVNDB-2020-008395 //
ZDI: ZDI-20-829 //
ZDI: ZDI-20-840 //
ZDI: ZDI-20-841 //
ZDI: ZDI-20-847 //
CNVD: CNVD-2020-54158 //
VULHUB: VHN-167392
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2020-54158
AFFECTED PRODUCTS
| vendor: | advantech | model: | iview | scope: | - | version: | - | Trust: 2.8 |
| vendor: | advantech | model: | iview | scope: | lte | version: | 5.6 | Trust: 1.0 |
| vendor: | advantech | model: | iview | scope: | eq | version: | 5.6 | Trust: 0.8 |
| vendor: | advantech | model: | iview | scope: | lte | version: | <=5.6 | Trust: 0.6 |
sources:
ZDI: ZDI-20-829 //
ZDI: ZDI-20-840 //
ZDI: ZDI-20-841 //
ZDI: ZDI-20-847 //
CNVD: CNVD-2020-54158 //
JVNDB: JVNDB-2020-008395 //
NVD: CVE-2020-14507
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
ZDI: ZDI-20-829 //
ZDI: ZDI-20-840 //
ZDI: ZDI-20-841 //
ZDI: ZDI-20-847 //
CNVD: CNVD-2020-54158 //
VULHUB: VHN-167392 //
JVNDB: JVNDB-2020-008395 //
CNNVD: CNNVD-202007-965 //
NVD: CVE-2020-14507
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.9 |
sources:
VULHUB: VHN-167392 //
JVNDB: JVNDB-2020-008395 //
NVD: CVE-2020-14507
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202007-965
TYPE
path traversal
Trust: 0.6
sources:
CNNVD: CNNVD-202007-965
CONFIGURATIONS
sources:
JVNDB: JVNDB-2020-008395
PATCH
| title: | Advantech has issued an update to correct this vulnerability. | url: | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33 | Trust: 2.8 |
| title: | Top Page | url: | https://www.advantech.co.jp/ | Trust: 0.8 |
| title: | Patch for Advantech iView path traversal vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/235642 | Trust: 0.6 |
| title: | Advantech iView Repair measures for path traversal vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124491 | Trust: 0.6 |
sources:
ZDI: ZDI-20-829 //
ZDI: ZDI-20-840 //
ZDI: ZDI-20-841 //
ZDI: ZDI-20-847 //
CNVD: CNVD-2020-54158 //
JVNDB: JVNDB-2020-008395 //
CNNVD: CNNVD-202007-965
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-14507 | Trust: 5.9 |
| db: | ICS CERT | id: | ICSA-20-196-01 | Trust: 2.5 |
| db: | ZDI | id: | ZDI-20-829 | Trust: 2.4 |
| db: | ZDI | id: | ZDI-20-840 | Trust: 2.4 |
| db: | ZDI | id: | ZDI-20-841 | Trust: 2.4 |
| db: | ZDI | id: | ZDI-20-847 | Trust: 2.4 |
| db: | JVN | id: | JVNVU95694616 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2020-008395 | Trust: 0.8 |
| db: | ZDI_CAN | id: | ZDI-CAN-10636 | Trust: 0.7 |
| db: | ZDI_CAN | id: | ZDI-CAN-10622 | Trust: 0.7 |
| db: | ZDI_CAN | id: | ZDI-CAN-10623 | Trust: 0.7 |
| db: | ZDI_CAN | id: | ZDI-CAN-10630 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2020-54158 | Trust: 0.7 |
| db: | CNNVD | id: | CNNVD-202007-965 | Trust: 0.7 |
| db: | NSFOCUS | id: | 47232 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2020.2382 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-167392 | Trust: 0.1 |
sources:
ZDI: ZDI-20-829 //
ZDI: ZDI-20-840 //
ZDI: ZDI-20-841 //
ZDI: ZDI-20-847 //
CNVD: CNVD-2020-54158 //
VULHUB: VHN-167392 //
JVNDB: JVNDB-2020-008395 //
CNNVD: CNNVD-202007-965 //
NVD: CVE-2020-14507
REFERENCES
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01 | Trust: 3.1 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-20-196-33 | Trust: 2.8 |
| url: | https://www.zerodayinitiative.com/advisories/zdi-20-841/ | Trust: 2.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-14507 | Trust: 2.0 |
| url: | https://www.zerodayinitiative.com/advisories/zdi-20-829/ | Trust: 1.7 |
| url: | https://www.zerodayinitiative.com/advisories/zdi-20-840/ | Trust: 1.7 |
| url: | https://www.zerodayinitiative.com/advisories/zdi-20-847/ | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14507 | Trust: 0.8 |
| url: | https://jvn.jp/vu/jvnvu95694616/ | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.2382/ | Trust: 0.6 |
| url: | http://www.nsfocus.net/vulndb/47232 | Trust: 0.6 |
sources:
ZDI: ZDI-20-829 //
ZDI: ZDI-20-840 //
ZDI: ZDI-20-841 //
ZDI: ZDI-20-847 //
CNVD: CNVD-2020-54158 //
VULHUB: VHN-167392 //
JVNDB: JVNDB-2020-008395 //
CNNVD: CNNVD-202007-965 //
NVD: CVE-2020-14507
CREDITS
rgod
Trust: 2.8
sources:
ZDI: ZDI-20-829 //
ZDI: ZDI-20-840 //
ZDI: ZDI-20-841 //
ZDI: ZDI-20-847
SOURCES
| db: | ZDI | id: | ZDI-20-829 |
| db: | ZDI | id: | ZDI-20-840 |
| db: | ZDI | id: | ZDI-20-841 |
| db: | ZDI | id: | ZDI-20-847 |
| db: | CNVD | id: | CNVD-2020-54158 |
| db: | VULHUB | id: | VHN-167392 |
| db: | JVNDB | id: | JVNDB-2020-008395 |
| db: | CNNVD | id: | CNNVD-202007-965 |
| db: | NVD | id: | CVE-2020-14507 |
LAST UPDATE DATE
2024-08-14T14:03:38.948000+00:00
SOURCES UPDATE DATE
| db: | ZDI | id: | ZDI-20-829 | date: | 2020-07-16T00:00:00 |
| db: | ZDI | id: | ZDI-20-840 | date: | 2020-07-16T00:00:00 |
| db: | ZDI | id: | ZDI-20-841 | date: | 2020-07-16T00:00:00 |
| db: | ZDI | id: | ZDI-20-847 | date: | 2020-07-16T00:00:00 |
| db: | CNVD | id: | CNVD-2020-54158 | date: | 2020-09-27T00:00:00 |
| db: | VULHUB | id: | VHN-167392 | date: | 2020-07-21T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-008395 | date: | 2020-09-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-202007-965 | date: | 2020-12-31T00:00:00 |
| db: | NVD | id: | CVE-2020-14507 | date: | 2020-07-21T20:28:36.477 |
SOURCES RELEASE DATE
| db: | ZDI | id: | ZDI-20-829 | date: | 2020-07-16T00:00:00 |
| db: | ZDI | id: | ZDI-20-840 | date: | 2020-07-16T00:00:00 |
| db: | ZDI | id: | ZDI-20-841 | date: | 2020-07-16T00:00:00 |
| db: | ZDI | id: | ZDI-20-847 | date: | 2020-07-16T00:00:00 |
| db: | CNVD | id: | CNVD-2020-54158 | date: | 2020-09-27T00:00:00 |
| db: | VULHUB | id: | VHN-167392 | date: | 2020-07-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-008395 | date: | 2020-09-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-202007-965 | date: | 2020-07-14T00:00:00 |
| db: | NVD | id: | CVE-2020-14507 | date: | 2020-07-15T02:15:12.703 |