VAR-201702-0853
Vulnerability from variot - Updated: 2023-12-18 12:51An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech SUSIAccess Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UpgradeMgmt servlet upload function. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. SUSIAccess is an easy-to-use remote device management software solution. Advantech SUISAccess Server is a set of Advantech's Platform as a Service (PaaS) products for cloud and Internet of Things (IoT) devices. A directory traversal vulnerability exists in Advantech SUISAccess Server 3.0 and earlier. An attacker can exploit these issues using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory or obtain sensitive information and perform other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "susiaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "advantech",
"version": "3.0"
},
{
"model": "susiaccess",
"scope": "lte",
"trust": 0.8,
"vendor": "advantech",
"version": "server 3.0"
},
{
"model": "susiaccess server",
"scope": null,
"trust": 0.7,
"vendor": "advantech",
"version": null
},
{
"model": "suisaccess server",
"scope": "lte",
"trust": 0.6,
"vendor": "advantech",
"version": "\u003c=3.0"
},
{
"model": "susiaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "advantech",
"version": "3.0"
},
{
"model": "suisaccess server",
"scope": "eq",
"trust": 0.3,
"vendor": "advantech",
"version": "3.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "BID",
"id": "94629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"db": "NVD",
"id": "CVE-2016-9351"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:advantech:susiaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9351"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod working with Zero Day Initiative (ZDI).",
"sources": [
{
"db": "BID",
"id": "94629"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
],
"trust": 0.9
},
"cve": "CVE-2016-9351",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9351",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2016-9351",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-11830",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-98171",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9351",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9351",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2016-9351",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-11830",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-012",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98171",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "VULHUB",
"id": "VHN-98171"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"db": "NVD",
"id": "CVE-2016-9351"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech SUSIAccess Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the UpgradeMgmt servlet upload function. The issue lies in the failure to properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. SUSIAccess is an easy-to-use remote device management software solution. Advantech SUISAccess Server is a set of Advantech\u0027s Platform as a Service (PaaS) products for cloud and Internet of Things (IoT) devices. \nA directory traversal vulnerability exists in Advantech SUISAccess Server 3.0 and earlier. \nAn attacker can exploit these issues using directory-traversal characters (\u0027../\u0027) to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory or obtain sensitive information and perform other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
},
{
"db": "BID",
"id": "94629"
},
{
"db": "VULHUB",
"id": "VHN-98171"
}
],
"trust": 3.69
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-98171",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98171"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9351",
"trust": 4.1
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-04",
"trust": 3.4
},
{
"db": "BID",
"id": "94629",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "42402",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3876",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-16-630",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11830",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98171",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "VULHUB",
"id": "VHN-98171"
},
{
"db": "BID",
"id": "94629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"db": "NVD",
"id": "CVE-2016-9351"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
]
},
"id": "VAR-201702-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "VULHUB",
"id": "VHN-98171"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11830"
}
]
},
"last_update_date": "2023-12-18T12:51:23.794000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SUSIAccess",
"trust": 0.8,
"url": "http://www2.advantech.com/industrialcloud/about_what.aspx"
},
{
"title": "Advantech has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-04"
},
{
"title": "Patch for Advantech SUSIAccess Server Directory Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/84927"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98171"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"db": "NVD",
"id": "CVE-2016-9351"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-04"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94629"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/42402/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9351"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9351"
},
{
"trust": 0.3,
"url": "http://webaccess.advantech.com"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "VULHUB",
"id": "VHN-98171"
},
{
"db": "BID",
"id": "94629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"db": "NVD",
"id": "CVE-2016-9351"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "VULHUB",
"id": "VHN-98171"
},
{
"db": "BID",
"id": "94629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"db": "NVD",
"id": "CVE-2016-9351"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-13T00:00:00",
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"date": "2016-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98171"
},
{
"date": "2016-12-01T00:00:00",
"db": "BID",
"id": "94629"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"date": "2017-02-13T21:59:01.907000",
"db": "NVD",
"id": "CVE-2016-9351"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-13T00:00:00",
"db": "ZDI",
"id": "ZDI-16-630"
},
{
"date": "2016-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"date": "2017-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-98171"
},
{
"date": "2016-12-20T02:04:00",
"db": "BID",
"id": "94629"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007631"
},
{
"date": "2017-08-12T01:29:01.393000",
"db": "NVD",
"id": "CVE-2016-9351"
},
{
"date": "2016-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advantech SUSIAccess Server Directory Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11830"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-012"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…