CVE-2022-23854 – AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal

https://notcve.org/view.php?id=CVE-2022-23854

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server. AVEVA InTouch Access Anywhere versiones 2020 R2 y anteriores son vulnerables a una explotación de path traversal que podría permitir a un usuario no autenticado con acceso a la red leer archivos en el sistema fuera del servidor web de puerta de enlace segura. InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability. • https://www.exploit-db.com/exploits/51028 https://crisec.de/advisory-aveva-intouch-access-anywhere-secure-gateway-path-traversal https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2023-001_r.pdf https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •