Lucene search
RgodZDI-16-630HistoryDec 13, 2016 - 12:00 a.m.
Advantech SUSIAccess Server UpgradeMgmt upload Directory Traversal Remote Code Execution Vulnerability
2016-12-1300:00:00
rgod
www.zerodayinitiative.com
16
0.001 Low
EPSS
Percentile
41.0%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech SUSIAccess Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UpgradeMgmt servlet upload function. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM.
Related
prion
prion
Directory traversal
2017-02-13 21:59:00
nvd
nvd
CVE-2016-9351
2017-02-13 21:59:01
cvelist
cvelist
CVE-2016-9351
2017-02-13 21:00:00
cve
cve
CVE-2016-9351
2017-02-13 21:59:01
packetstorm
packetstorm
Advantech SUSIAccess 3.0 File Upload
2017-08-02 00:00:00
zdt
zdt
Advantech SUSIAccess <= 3.0 - RecoveryMgmt File Upload Exploit
2017-08-01 00:00:00
exploitpack
exploitpack
Advantech SUSIAccess 3.0 - RecoveryMgmt File Upload
2017-08-01 00:00:00
exploitdb
exploitdb
Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload
2017-08-01 00:00:00
ics
ics
Advantech SUSIAccess Server Vulnerabilities
2016-12-01 12:00:00