PT-2018-3100 · Advantech · Advantech Webaccess

Published

2018-10-23

Updated

2019-10-09

CVE-2018-14828

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions 8.3.1 and earlier

Description The issue is related to improper privilege management, which may allow an attacker to access files and perform actions at a system administrator level. This could enable an attacker to elevate their privileges and gain unauthorized access to files.

Recommendations For Advantech WebAccess versions 8.3.1 and earlier, consider restricting access to sensitive files and system administrator functions until a patch is available. As a temporary workaround, review and modify the access control settings to prevent unauthorized privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

BDU:2019-04031

CVE-2018-14828

ZDI-18-1319

Affected Products

Advantech Webaccess

PT-2018-3100 · Advantech · Advantech Webaccess

CVE-2018-14828

Weakness Enumeration

Related Identifiers

Affected Products

References · 10