Vulnerabilities > CVE-2016-0854 - Unspecified vulnerability in Advantech Webaccess
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Vulnerable Configurations
Exploit-Db
| description | Advantech WebAccess Dashboard Viewer Arbitrary File Upload. CVE-2016-0854. Remote exploit for windows platform |
| file | exploits/windows/remote/39735.rb |
| id | EDB-ID:39735 |
| last seen | 2016-04-26 |
| modified | 2016-04-26 |
| platform | windows |
| port | 80 |
| published | 2016-04-26 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/39735/ |
| title | Advantech WebAccess Dashboard Viewer Arbitrary File Upload |
| type | remote |
Metasploit
| description | This module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool. |
| id | MSF:EXPLOIT/WINDOWS/SCADA/ADVANTECH_WEBACCESS_DASHBOARD_FILE_UPLOAD |
| last seen | 2020-06-10 |
| modified | 2017-07-24 |
| published | 2016-04-17 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/scada/advantech_webaccess_dashboard_file_upload.rb |
| title | Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/136769/advantech_webaccess_dashboard_file_upload.rb.txt |
| id | PACKETSTORM:136769 |
| last seen | 2016-12-05 |
| published | 2016-04-22 |
| reporter | rgod |
| source | https://packetstormsecurity.com/files/136769/Advantech-WebAccess-8.0-Dashboard-Viewer-Arbitrary-File-Upload.html |
| title | Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload |
References
- https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
- http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
- https://www.exploit-db.com/exploits/39735/
- http://www.zerodayinitiative.com/advisories/ZDI-16-127
- http://www.zerodayinitiative.com/advisories/ZDI-16-129
- http://www.zerodayinitiative.com/advisories/ZDI-16-128