CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-24990

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.03

EPSS Ranking 86.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://packetstormsecurity.com/files/159699/QSC-Q-SYS-Core-Manager-8.2.1-Directory-Traversal.html
http://seclists.org/fulldisclosure/2020/Oct/30
https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm
http://packetstormsecurity.com/files/159699/QSC-Q-SYS-Core-Manager-8.2.1-Directory-Traversal.html
http://seclists.org/fulldisclosure/2020/Oct/30
https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm

Products affected by CVE-2020-24990

Qsc » Q-Sys Core Manager » Version: 8.2.1

cpe:2.3:a:qsc:q-sys_core_manager:8.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24990

Products

Pricing

Contact Us