CVE-2020-5804

2021-01-0815:12:54

tenable

www.cve.org

marvell qconvergeconsole

path traversal

file deletion

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

53.9%

JSON

Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.

CNA Affected

[
  {
    "product": "Marvell QConvergeConsole GUI",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "5.5.0.74"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2021-01