CVE-2024-20345

MEDIUM EXPLOITED

Cisco AppDynamics Controller - Path Traversal

Title source: llm

Exploitation Summary

CVE-2024-20345 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF

Scores

CVSS v3 6.5

EPSS 0.0031

EPSS Percentile 54.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2024-05-10

CWE

CWE-26

Status published

Products (1)

cisco/appdynamics_controller < 23.4.0

Published Mar 06, 2024

Tracked Since Feb 18, 2026