Vulnerability Details CVE-2020-5804
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 8.5
References
Products affected by CVE-2020-5804
-
cpe:2.3:a:marvell:qconvergeconslole_gui:-
-
cpe:2.3:a:marvell:qconvergeconslole_gui:5.5.0.74