PT-2020-12981 · Advantech · Advantech Webaccess Node
Published: 2020-04-08 · Updated: 2021-09-23 · CVE-2020-12010
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Advantech WebAccess Node versions 8.4.4 and prior
Advantech WebAccess Node version 9.0.0
Description
Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. The issue involves IOCTL commands, including 0x2711, 0x2715, and 0x2738, and can lead to arbitrary file deletion in components such as BwFLApp, BwPFile, and BwPSLink.
Recommendations
For Advantech WebAccess Node versions 8.4.4 and prior, consider restricting access to the application until a patch is available.
For Advantech WebAccess Node version 9.0.0, consider disabling the use of IOCTL commands 0x2711, 0x2715, and 0x2738 as a temporary workaround until a patch is available.
As a general mitigation measure, restrict access to the vulnerable components, such as BwFLApp, BwPFile, and BwPSLink, to minimize the risk of exploitation.
Fix
Relative Path Traversal
Path traversal
Related Identifiers
Affected Products
Advantech Webaccess Node