Vulnerability Details CVE-2020-12252
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.1%
CVSS Severity
CVSS v3 Score 6.2
CVSS v2 Score 6.0
References
- http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html
- https://seclists.org/fulldisclosure/2020/Apr/56
- http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html
- https://seclists.org/fulldisclosure/2020/Apr/56
Products affected by CVE-2020-12252
-
cpe:2.3:a:gigamon:gigavue:5.4
-
cpe:2.3:a:gigamon:gigavue:5.5
-
cpe:2.3:a:gigamon:gigavue:5.5.01.11
-
cpe:2.3:a:gigamon:gigavue:5.6
-
cpe:2.3:a:gigamon:gigavue:5.7
-
cpe:2.3:a:gigamon:gigavue:5.8
-
cpe:2.3:a:gigamon:gigavue:5.9