SERVER-WEBAPP Advantech WebAccess gmicons.asp picfile arbitrary file upload attempt
This event is generated when an arbitrary file upload is attempted against an internal server running Advantech WebAccess.
Attempted Administrator Privilege Gain
parses a multipart/form-data POST request. In particular, the filename parameter of the picFile sub-part is not properly validated before it is used to build the location where the picture file will be uploaded. By placing NULL bytes at the correct location within the filename parameter, an attacker can bypass the implemented file upload checks and upload arbitrary files to the Advantech WebAccess webserver. Additionally, due to a lack of authorization checks and improper protection against directory traversal attacks, unauthenticated attackers can exploit this vulnerability to upload files to any location on the Advantech WebAccess server that the web service has access to.
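A log-review or proxy-side check for the condition described above, as an added example that is not part of the original rule documentation or the Snort rule itself. The function name, the request path prefix, the boundary string and the sample bodies are constructed for illustration; only `gmicons.asp`, `picFile` and `filename` come from the description.

```python
import re

# Content-Disposition header of one multipart part, and its quoted parameters.
_DISPOSITION = re.compile(rb'(?im)^content-disposition:\s*form-data;(.*)$')
_PARAM = re.compile(rb'(\w+)\s*=\s*"([^"\r\n]*)"')
_BOUNDARY = re.compile(rb'(?i)boundary="?([^";\r\n]+)"?')
_TRAVERSAL = re.compile(rb'\.\.[\\/]')

# Constructed values: the real request path and boundary are not on the page.
SAMPLE_PATH = b"/placeholder/gmicons.asp"
SAMPLE_CTYPE = b"multipart/form-data; boundary=XB"


def sample_body(filename: bytes) -> bytes:
    """Build a constructed one-part upload body with the given filename."""
    return (b"--XB\r\n"
            b'Content-Disposition: form-data; name="picFile"; filename="'
            + filename + b'"\r\n'
            b"Content-Type: image/gif\r\n\r\nGIF89a\r\n--XB--\r\n")


def picfile_findings(path: bytes, content_type: bytes, body: bytes) -> list:
    """Return the reasons a POST to gmicons.asp matches the description."""
    if b"gmicons.asp" not in path.lower():
        return []
    boundary = _BOUNDARY.search(content_type)
    if not boundary:
        return []
    findings = []
    for part in body.split(b"--" + boundary.group(1)):
        headers = part.partition(b"\r\n\r\n")[0]
        disposition = _DISPOSITION.search(headers)
        if not disposition:
            continue
        params = {k.lower(): v for k, v in _PARAM.findall(disposition.group(1))}
        if params.get(b"name", b"").lower() != b"picfile":
            continue
        filename = params.get(b"filename", b"")
        if b"\x00" in filename:
            findings.append("NUL byte in picFile filename")
        if _TRAVERSAL.search(filename):
            findings.append("directory traversal in picFile filename")
    return findings


if __name__ == "__main__":
    for name in (b"icon.gif", b"icon\x00.gif", b"..\\icon.gif"):
        print(name, picfile_findings(SAMPLE_PATH, SAMPLE_CTYPE, sample_body(name)))
```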
- Advantech WebAccess 3 Version 8.3.0 and prior
Ease of attack
Simple, no public proofs of concept yet.
Patch as soon as corporate policies allow.
- Cisco's Talos Intelligence Group