CVE-2024-20345

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF

Configurations

No configuration.

History

No history.

Information

Published : 2024-03-06 17:15

Updated : 2024-03-07 13:52

NVD link : CVE-2024-20345

Mitre link : CVE-2024-20345

CVE.ORG link : CVE-2024-20345

JSON object : View

Products Affected

No product.

CWE

CWE-26

Path Traversal: '/dir/../filename'

6.5 /10