CVE-2020-12010: Path Traversal
First published: Fri May 08 2020(Updated: )
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess | <=8.4.4 | |
| Advantech WebAccess | =9.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12010?
CVE-2020-12010 is a vulnerability found in Advantech WebAccess Node, versions 8.4.4 and prior, as well as version 9.0.0, which allows an authenticated user to delete files outside of the application's control.
How severe is CVE-2020-12010?
CVE-2020-12010 has a severity rating of 7.1, which is considered high.
What is the affected software by CVE-2020-12010?
The affected software by CVE-2020-12010 is Advantech WebAccess, versions 8.4.4 and prior, as well as version 9.0.0.
How can an authenticated user exploit CVE-2020-12010?
An authenticated user can exploit CVE-2020-12010 by using a specially crafted file to delete files outside of the application's control.
Where can I find more information about CVE-2020-12010?
You can find more information about CVE-2020-12010 at the following link: https://www.us-cert.gov/ics/advisories/icsa-20-128-01
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/advantech
- canonical/advantech webaccess
- version/advantech webaccess/8.4.4
- version/advantech webaccess/9.0.0