CVE-2020-12251
Published Apr 29, 2020
Last updated 4 years ago
Overview
- Description
- An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 2.2
- Impact score
- 1.4
- Exploitability score
- 0.7
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0F7A693-C18C-4161-B7DA-87B225BAEB7F",
"versionEndExcluding": "5.4.04",
"versionStartIncluding": "5.4"
},
{
"criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C3ABC43-2D02-4EE5-81B9-A4A19530B8C6",
"versionEndExcluding": "5.5.02",
"versionStartIncluding": "5.5"
},
{
"criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99A1B0E4-F3E4-41D9-9F4A-1417B905A954",
"versionEndExcluding": "5.6.02",
"versionStartIncluding": "5.6"
},
{
"criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DC0D650-83F7-4DD3-8A45-A80DE070BA59",
"versionEndExcluding": "5.7.04",
"versionStartIncluding": "5.7"
},
{
"criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52761149-190E-4F36-AB31-F5301C1163D8",
"versionEndExcluding": "5.8.02",
"versionStartIncluding": "5.8"
},
{
"criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C112A4F9-8D70-4577-B28F-D4C414219064",
"versionEndExcluding": "5.9.00.04",
"versionStartIncluding": "5.9"
}
],
"operator": "OR"
}
]
}
]