HTTP: Advantech iView ConfigurationServlet column_value SQL Injection

This signature detects attempts to exploit a known vulnerability against Advantech iView ConfigurationServlet. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

An SQL injection vulnerability exists in Advantech iView 5.7.04.6469. The specific flaw is in the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action that bypasses the checks in com.imc.iview.utils.CUtils.checkSQLInjection() and performs SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.

Affected Products

Advantech iView

Short Name
HTTP:SQL:INJ:ADVNTEC-CNFG-SRVLT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Advantech CVE-2022-3323 CVE-2023-3983 ConfigurationServlet Injection SQL column_value iView
Release Date
10/18/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3633
False Positive
Unknown
Vendors

Advantech
