CVE-2018-15706: Path Traversal
First published: Wed Oct 31 2018(Updated: )
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess | =8.3.1 | |
| Advantech WebAccess | =8.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Advantech WebAccess?
The vulnerability ID for Advantech WebAccess is CVE-2018-15706.
What is the severity of CVE-2018-15706?
The severity of CVE-2018-15706 is medium with a CVSS score of 6.5.
What is the affected software version of CVE-2018-15706?
The affected software versions of CVE-2018-15706 are Advantech WebAccess 8.3.1 and 8.3.2.
How can a remote authenticated attacker exploit CVE-2018-15706?
A remote authenticated attacker can exploit CVE-2018-15706 by using the WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
Where can I find more information about CVE-2018-15706?
You can find more information about CVE-2018-15706 at the following link: https://www.tenable.com/security/research/tra-2018-35
- collector/nvd-index
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/advantech
- canonical/advantech webaccess
- version/advantech webaccess/8.3.1
- version/advantech webaccess/8.3.2