CVE-2020-12251
LOWGigamon GigaVUE 5.4-5.4.04 - Authenticated Path Traversal and Arbitrary File Write via Upload Filename Manipulation
Title source: llmDescription
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/Apr/56
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html
Scores
CVSS v3
2.2
EPSS
0.0120
EPSS Percentile
64.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
gigamon/gigavue
5.4 - 5.4.04
Published
Apr 29, 2020
Tracked Since
Feb 18, 2026