CVE-2017-16720

high-risk
Published 2018-01-05

A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.

Do I need to act?

!
21.8% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
44278
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Advantech

References (9)

Third Party Advisory http://www.securityfocus.com/bid/102424
Broken Link https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
Exploit https://www.exploit-db.com/exploits/44278/
Third Party Advisory https://www.tenable.com/security/research/tra-2018-23
Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-18-024/
Third Party Advisory http://www.securityfocus.com/bid/102424
Broken Link https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
Exploit https://www.exploit-db.com/exploits/44278/
Third Party Advisory https://www.tenable.com/security/research/tra-2018-23
58
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 21/34 · High
Exposure 5/34 · Minimal