Remote Code Execution Vulnerability in Marvell QConvergeConsole
CVE-2020-17388
8.8 HIGH
What is CVE-2020-17388?
A remote code execution vulnerability exists in Marvell QConvergeConsole 5.5.0.64, caused by a flaw in the Tomcat configuration file. The flaw allows the authentication mechanism to be bypassed, enabling unauthorized users to execute arbitrary code in the context of the SYSTEM account. Code running as SYSTEM can manipulate system processes and access sensitive data on the affected host.
Affected Version(s)
QConvergeConsole 5.5.0.64
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sivathmican Sivakumaran of Trend Micro Zero Day Initiative