Sign-up

ID

VAR-202004-0077


CVE

CVE-2020-10617


TITLE

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

Trust: 7.7

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-429 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-431 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441

DESCRIPTION

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of calls to the handleDeviceNameByIpAddress method of the MibBrowser class. When parsing the ipAddress parameter of the devicename endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise

Trust: 11.61

sources: NVD: CVE-2020-10617 // ZDI: ZDI-20-374 // ZDI: ZDI-20-441 // ZDI: ZDI-20-401 // ZDI: ZDI-20-411 // ZDI: ZDI-20-431 // ZDI: ZDI-20-419 // ZDI: ZDI-20-399 // ZDI: ZDI-20-429 // ZDI: ZDI-20-438 // ZDI: ZDI-20-381 // ZDI: ZDI-20-409 // ZDI: ZDI-20-396 // ZDI: ZDI-20-416 // ZDI: ZDI-20-395 // ZDI: ZDI-20-439 // ZDI: ZDI-20-412 // ZDI: ZDI-20-391

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess/nmsscope: - version: -

Trust: 11.9

vendor:advantechmodel:webaccess\/nmsscope:ltversion:3.0.2

Trust: 1.0

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-409 // ZDI: ZDI-20-381 // ZDI: ZDI-20-391 // ZDI: ZDI-20-429 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-431 // ZDI: ZDI-20-411 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441 // NVD: CVE-2020-10617

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2020-10617
value: HIGH

Trust: 11.9

nvd@nist.gov: CVE-2020-10617
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202004-397
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-10617
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

ZDI: CVE-2020-10617
baseSeverity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 11.9

nvd@nist.gov: CVE-2020-10617
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-409 // ZDI: ZDI-20-381 // ZDI: ZDI-20-391 // ZDI: ZDI-20-429 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-431 // ZDI: ZDI-20-411 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441 // CNNVD: CNNVD-202004-397 // NVD: CVE-2020-10617

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

sources: NVD: CVE-2020-10617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-397

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202004-397

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 11.9

title:Advantech WebAccess/NMS SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113477

Trust: 0.6

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-409 // ZDI: ZDI-20-381 // ZDI: ZDI-20-391 // ZDI: ZDI-20-429 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-431 // ZDI: ZDI-20-411 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441 // CNNVD: CNNVD-202004-397

EXTERNAL IDS

db:NVDid:CVE-2020-10617

Trust: 13.5

db:ICS CERTid:ICSA-20-098-01

Trust: 1.6

db:ZDI_CANid:ZDI-CAN-9820

Trust: 0.7

db:ZDIid:ZDI-20-438

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9567

Trust: 0.7

db:ZDIid:ZDI-20-374

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9765

Trust: 0.7

db:ZDIid:ZDI-20-412

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9821

Trust: 0.7

db:ZDIid:ZDI-20-439

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9589

Trust: 0.7

db:ZDIid:ZDI-20-395

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9776

Trust: 0.7

db:ZDIid:ZDI-20-416

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9601

Trust: 0.7

db:ZDIid:ZDI-20-396

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9701

Trust: 0.7

db:ZDIid:ZDI-20-409

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9574

Trust: 0.7

db:ZDIid:ZDI-20-381

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9584

Trust: 0.7

db:ZDIid:ZDI-20-391

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9810

Trust: 0.7

db:ZDIid:ZDI-20-429

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9613

Trust: 0.7

db:ZDIid:ZDI-20-399

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9793

Trust: 0.7

db:ZDIid:ZDI-20-419

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9813

Trust: 0.7

db:ZDIid:ZDI-20-431

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9760

Trust: 0.7

db:ZDIid:ZDI-20-411

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9623

Trust: 0.7

db:ZDIid:ZDI-20-401

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-9823

Trust: 0.7

db:ZDIid:ZDI-20-441

Trust: 0.7

db:ZDIid:ZDI-20-445

Trust: 0.6

db:AUSCERTid:ESB-2020.1251

Trust: 0.6

db:NSFOCUSid:46349

Trust: 0.6

db:CNNVDid:CNNVD-202004-397

Trust: 0.6

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-409 // ZDI: ZDI-20-381 // ZDI: ZDI-20-391 // ZDI: ZDI-20-429 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-431 // ZDI: ZDI-20-411 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441 // CNNVD: CNNVD-202004-397 // NVD: CVE-2020-10617

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-098-01

Trust: 13.5

url:http://www.nsfocus.net/vulndb/46349

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1251/

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-445/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-10617

Trust: 0.6

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-409 // ZDI: ZDI-20-381 // ZDI: ZDI-20-391 // ZDI: ZDI-20-429 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-431 // ZDI: ZDI-20-411 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441 // CNNVD: CNNVD-202004-397 // NVD: CVE-2020-10617

CREDITS

rgod of 9sg

Trust: 11.2

sources: ZDI: ZDI-20-438 // ZDI: ZDI-20-374 // ZDI: ZDI-20-412 // ZDI: ZDI-20-439 // ZDI: ZDI-20-395 // ZDI: ZDI-20-416 // ZDI: ZDI-20-396 // ZDI: ZDI-20-409 // ZDI: ZDI-20-381 // ZDI: ZDI-20-391 // ZDI: ZDI-20-429 // ZDI: ZDI-20-399 // ZDI: ZDI-20-419 // ZDI: ZDI-20-431 // ZDI: ZDI-20-401 // ZDI: ZDI-20-441

SOURCES

db:ZDIid:ZDI-20-438
db:ZDIid:ZDI-20-374
db:ZDIid:ZDI-20-412
db:ZDIid:ZDI-20-439
db:ZDIid:ZDI-20-395
db:ZDIid:ZDI-20-416
db:ZDIid:ZDI-20-396
db:ZDIid:ZDI-20-409
db:ZDIid:ZDI-20-381
db:ZDIid:ZDI-20-391
db:ZDIid:ZDI-20-429
db:ZDIid:ZDI-20-399
db:ZDIid:ZDI-20-419
db:ZDIid:ZDI-20-431
db:ZDIid:ZDI-20-411
db:ZDIid:ZDI-20-401
db:ZDIid:ZDI-20-441
db:CNNVDid:CNNVD-202004-397
db:NVDid:CVE-2020-10617

LAST UPDATE DATE

2025-04-28T23:00:25.417000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-438date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-374date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-412date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-439date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-395date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-416date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-396date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-409date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-381date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-391date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-429date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-399date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-419date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-431date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-411date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-401date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-441date:2020-04-08T00:00:00
db:CNNVDid:CNNVD-202004-397date:2020-04-14T00:00:00
db:NVDid:CVE-2020-10617date:2024-11-21T04:55:42.477

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-438date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-374date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-412date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-439date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-395date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-416date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-396date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-409date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-381date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-391date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-429date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-399date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-419date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-431date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-411date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-401date:2020-04-08T00:00:00
db:ZDIid:ZDI-20-441date:2020-04-08T00:00:00
db:CNNVDid:CNNVD-202004-397date:2020-04-07T00:00:00
db:NVDid:CVE-2020-10617date:2020-04-09T14:15:12.510