Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
MS-RPC:DCE-RPC-ADVANTECH-RCE |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
MS-RPC |
Keywords |
Advantech Webaccess webvrpcs Directory Traversal Remote Code Execution |
Release Date |
2018/06/25 |
Update Number |
3077 |
Supported Platforms |
idp-4.1.110110609+, isg-3.5.141818+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
MS-RPC: Advantech Webaccess webvrpcs Directory Traversal Remote Code Execution
This signature detects attempt to exploit a directory traversal and remote code execution vulnerability exists in Advantech WebAccess software. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the remote service. Successful exploitation could lead to remote code execution on the target server with privileges of the application process.
Extended Description
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
Affected Products
- Advantech webaccess 8.3.2
References
- BugTraq: 102424
- CVE: CVE-2019-13552
- CVE: CVE-2017-16720
- URL: http://www.zerodayinitiative.com/advisories/zdi-20-447/