AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal

vendor:

Access Anywhere Secure Gateway

by:

Jens Regel (CRISEC IT-Security)

8.8

CVSS

HIGH

Path Traversal

CWE

Product Name: Access Anywhere Secure Gateway

Affected Version From: Access Anywhere Secure Gateway versions 2020 R2 and older

Affected Version To: Access Anywhere Secure Gateway versions 2020 R2

Patch Exists: Yes

Related CWE: CVE-2022-23854

CPE: a:aveva:access_anywhere_secure_gateway:2020_r2

Metasploit:

Other Scripts:

Tags: lfi,packetstorm,cve,cve2022,aveva,intouch

CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Nuclei References: https://packetstormsecurity.com/files/cve/CVE-2022-23854, https://www.aveva.com, https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854, https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02

Nuclei Metadata: {'max-request': 1, 'shodan-query': 'http.html:"InTouch Access Anywhere"', 'verified': True, 'vendor': 'aveva', 'product': 'intouch_access_anywhere'}

Platforms Tested: Windows

2022

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 – Path Traversal

A path traversal vulnerability in Access Anywhere Secure Gateway versions 2020 R2 and older allows an attacker to read arbitrary files on the server. This is achieved by sending a specially crafted HTTP request containing a path traversal sequence of '../../../../../../../../windows/win.ini' to the server.

Mitigation:

Upgrade to Access Anywhere Secure Gateway 2020 R3 or later.

Source

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 – Path Traversal

Mitigation:

Exploit-DB raw data: