RSS   Vulnerabilities for 'Gigavue'   RSS

2020-04-29
 
CVE-2020-12252

CWE-434
 

 
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter.

 
 
CVE-2020-12251

CWE-22
 

 
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.

 

 >>> Vendor: Gigamon 2 Products
Gigavue
Gigavue-os


Copyright 2024, cxsecurity.com

 

Back to Top