CVE-2024-20345

Published Mar 6, 2024

Last updated 10 days ago

Overview

Description
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.
Source
ykramarz@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

ykramarz@cisco.com
CWE-26
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-22

Social media

Hype score
Not currently trending

References