cbcvebase.
CVE-2020-16245
published 2020-08-25

Priority: P266 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.72% (93.9th percentile)

Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.

Affected

1 range

Vendor    | Product | Version range | Fixed in
advantech | iview   | <= 5.7        |

Detection & IOCs (extracted from sources)

  • Vulnerability class is Path Traversal (CWE-22) in Advantech iView; monitor for directory traversal sequences in HTTP requests targeting iView endpoints, which could be used to create/download arbitrary files or achieve remote code execution.
  • The vulnerability is exploitable remotely with no authentication and low skill level required (CVSS v3 9.8, AV:N/AC:L/PR:N/UI:N), meaning unauthenticated network requests to iView should be treated as high-risk and scrutinized for traversal patterns.
  • Affected versions are iView 5.7 and prior; presence of these versions in the environment should be flagged as unpatched and at critical risk.
  • No known public exploits specifically target this vulnerability at the time of advisory publication, reducing immediate weaponized exploit risk but not eliminating it.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH     | AV:N/AC:L/Au:N/C:P/I:P/A:P