Cisco AppDynamics Controller Vulnerability Could Lead to Directory Traversal Attacks
CVE-2024-20345
6.5MEDIUM
Key Information
- Vendor
- Cisco
- Status
- Cisco Appdynamics
- Vendor
- CVE Published:
- 6 March 2024
Badges
๐พ Exploit Exists
Summary
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.
Affected Version(s)
Cisco AppDynamics = 21.2.0
Cisco AppDynamics = 21.2.1
Cisco AppDynamics = 21.2.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database