CVE-2020-12252
MEDIUMGigamon GigaVUE 5.4-5.4.04 - Authenticated Unrestricted File Upload via Filename Parameter
Title source: llmDescription
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/Apr/56
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html
Scores
CVSS v3
6.2
EPSS
0.0197
EPSS Percentile
78.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
gigamon/gigavue
5.4 - 5.4.04
Published
Apr 29, 2020
Tracked Since
Feb 18, 2026