Rewterz Threat Advisory – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Security Updates
May 8, 2020Rewterz Threat Alert – Emotet Malware – IOCs
May 8, 2020Severity
High
Analysis Summary
CVE-2020-12022
An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
CVE-2020-12010
Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.
CVE-2020-12006
Multiple relative path traversal vulnerabilities exist that may allow an attacker to overwrite files outside the application’s control.
CVE-2020-12026
Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
CVE-2020-12014
Input is not properly sanitized and may allow an attacker to inject SQL commands.
CVE-2020-12002
Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
CVE-2020-12018
An out-of-bounds vulnerability exists that may allow access to unauthorized data.
Impact
- Information disclosure
- Remote code execution
- Compromise system availability.
Affected Vendors
Advantech
Affected Products
- WebAccess Node Version 8.4.4 and prior
- WebAccess Node Version 9.0.0
Remediation
For users currently using WebAccessNode Version 8.4.4 update to version :
For users currently using WebAccessNode Version 9.0.0 update to version :