Lucene search

K
cve[email protected]CVE-2024-20345
HistoryMar 06, 2024 - 5:15 p.m.

CVE-2024-20345

2024-03-0617:15:09
CWE-26
web.nvd.nist.gov
51
cve-2024-20345
cisco
appdynamics controller
file upload
vulnerability
directory traversal
nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco AppDynamics",
    "versions": [
      {
        "version": "21.2.0",
        "status": "affected"
      },
      {
        "version": "21.2.1",
        "status": "affected"
      },
      {
        "version": "21.2.2",
        "status": "affected"
      },
      {
        "version": "21.2.3",
        "status": "affected"
      },
      {
        "version": "21.2.6",
        "status": "affected"
      },
      {
        "version": "21.2.7",
        "status": "affected"
      },
      {
        "version": "21.2.8",
        "status": "affected"
      },
      {
        "version": "21.4.0",
        "status": "affected"
      },
      {
        "version": "21.4.10",
        "status": "affected"
      },
      {
        "version": "21.4.11",
        "status": "affected"
      },
      {
        "version": "21.4.2",
        "status": "affected"
      },
      {
        "version": "21.4.3",
        "status": "affected"
      },
      {
        "version": "21.4.4",
        "status": "affected"
      },
      {
        "version": "21.4.5",
        "status": "affected"
      },
      {
        "version": "21.4.6",
        "status": "affected"
      },
      {
        "version": "21.4.7",
        "status": "affected"
      },
      {
        "version": "21.4.8",
        "status": "affected"
      },
      {
        "version": "21.4.9",
        "status": "affected"
      },
      {
        "version": "21.11.0",
        "status": "affected"
      },
      {
        "version": "21.5.0",
        "status": "affected"
      },
      {
        "version": "21.6.0",
        "status": "affected"
      },
      {
        "version": "21.12.0",
        "status": "affected"
      },
      {
        "version": "21.12.2",
        "status": "affected"
      },
      {
        "version": "21.12.1",
        "status": "affected"
      },
      {
        "version": "22.1.0",
        "status": "affected"
      },
      {
        "version": "22.1.1",
        "status": "affected"
      },
      {
        "version": "22.11.0",
        "status": "affected"
      },
      {
        "version": "22.3.0",
        "status": "affected"
      },
      {
        "version": "22.10.0",
        "status": "affected"
      },
      {
        "version": "22.12.0",
        "status": "affected"
      },
      {
        "version": "22.12.1",
        "status": "affected"
      },
      {
        "version": "21.7.0",
        "status": "affected"
      },
      {
        "version": "22.8.0",
        "status": "affected"
      },
      {
        "version": "23.2.0",
        "status": "affected"
      },
      {
        "version": "23.4.0",
        "status": "affected"
      },
      {
        "version": "23.7.1",
        "status": "affected"
      },
      {
        "version": "23.7.0",
        "status": "affected"
      }
    ]
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for CVE-2024-20345