module
Advantech iView Unauthenticated Remote Code Execution
| Disclosed |
|---|
| 2021-02-09 |
Disclosed
2021-02-09
Description
This module exploits an unauthenticated configuration change combined
with an unauthenticated file write primitive, leading to an arbitrary
file write that allows for remote code execution as the user running
iView, which is typically NT AUTHORITY\SYSTEM.
This issue was demonstrated in the vulnerable version 5.7.02.5992 and
fixed in version 5.7.03.6112.
with an unauthenticated file write primitive, leading to an arbitrary
file write that allows for remote code execution as the user running
iView, which is typically NT AUTHORITY\SYSTEM.
This issue was demonstrated in the vulnerable version 5.7.02.5992 and
fixed in version 5.7.03.6112.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.