CVE-2020-12010

HIGH

Advantech WebAccess < 8.4.4 and 9.0.0 - Authenticated Path Traversal via Specially Crafted File

Title source: llm
STIX 2.1

Description

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-128-01

Scores

CVSS v3 7.1
EPSS 0.0058
EPSS Percentile 69.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE
CWE-22 CWE-23
Status published
Products (2)
advantech/webaccess 9.0.0
advantech/webaccess < 8.4.4
Published May 08, 2020
Tracked Since Feb 18, 2026