CVE-2022-23854
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
AVEVA InTouch Access Anywhere versiones 2020 R2 y anteriores son vulnerables a una explotación de path traversal que podrÃa permitir a un usuario no autenticado con acceso a la red leer archivos en el sistema fuera del servidor web de puerta de enlace segura.
InTouch Access Anywhere Secure Gateway versions 2020 R2 and below suffer from a path traversal vulnerability.
*Credits:
Jens Regel, CRISEC
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-24 CVE Reserved
- 2022-09-09 CVE Published
- 2022-11-11 First Exploit
- 2024-10-11 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-23: Relative Path Traversal
CAPEC
References (4)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/51028 | 2022-11-11 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Aveva Search vendor "Aveva" | Intouch Access Anywhere Search vendor "Aveva" for product "Intouch Access Anywhere" | < 2020 Search vendor "Aveva" for product "Intouch Access Anywhere" and version " < 2020" | - |
Affected
| ||||||
| Aveva Search vendor "Aveva" | Intouch Access Anywhere Search vendor "Aveva" for product "Intouch Access Anywhere" | 2020 Search vendor "Aveva" for product "Intouch Access Anywhere" and version "2020" | - |
Affected
| ||||||
| Aveva Search vendor "Aveva" | Intouch Access Anywhere Search vendor "Aveva" for product "Intouch Access Anywhere" | 2020 Search vendor "Aveva" for product "Intouch Access Anywhere" and version "2020" | r2 |
Affected
| ||||||