Cisco AppDynamics Controller Vulnerability Could Lead to Directory Traversal Attacks
CVE-2024-20345

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Appdynamics
Vendor: CVE Published:; 6 March 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.

Affected Version(s)

Cisco AppDynamics 21.2.0

Cisco AppDynamics 21.2.1

Cisco AppDynamics 21.2.2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Nov 5, 2024
Vulnerability published
Mar 6, 2024
Vulnerability Reserved
Nov 8, 2023