Absolute Path Traversal

CVE-2017-7929

High

7.1/10

Summary

An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: HIGH

CWE-36 - Absolute Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

References

Advisory Timeline

Published May 06, 2017

Absolute Path Traversal

CVE-2017-7929

Summary

CWE-36 - Absolute Path Traversal

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS