PT-2020-13073 · Gigamon · Gigavue
Balazs Hambalko · Published 2020-04-29 · Updated 2020-05-18 · CVE-2020-12251
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Gigamon GigaVUE version 5.5.01.11
Description
An issue was discovered in the upload functionality: an authenticated user can change the filename value in the POST request to achieve directory traversal via a ../ sequence. This could potentially allow an attacker to obtain a complete directory listing of the machine.
Recommendations
For Gigamon GigaVUE version 5.5.01.11, consider restricting access to the upload functionality until a patch is available. As a temporary workaround, avoid using the filename value from the POST request, which prevents directory traversal attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
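The following is an added illustration of the weakness class and of the workaround above. It is not Gigamon's code, and the upload directory and function names are assumptions. It contrasts joining a client-supplied filename onto an upload directory with a handler that rejects path components and stores the file under a server-generated name.

```python
import posixpath
import uuid

UPLOAD_ROOT = "/var/lib/app/uploads"  # assumed upload directory (hypothetical)

def naive_target(filename, root=UPLOAD_ROOT):
    """Vulnerable pattern: the client-supplied filename is joined as-is."""
    return posixpath.normpath(posixpath.join(root, filename))

def is_contained(path, root=UPLOAD_ROOT):
    """True only if the normalised path stays inside the upload root."""
    root = posixpath.normpath(root)
    return posixpath.commonpath([root, posixpath.normpath(path)]) == root

def safe_target(filename, root=UPLOAD_ROOT):
    """Hardened pattern: reject path components, store under a server-chosen name."""
    # Treat both separator styles as hostile, whatever the host OS is.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if base != filename or base in ("", ".", "..") or "\x00" in base:
        raise ValueError("rejected filename: %r" % filename)
    # The client value contributes only a lower-cased extension.
    stored = uuid.uuid4().hex + posixpath.splitext(base)[1].lower()
    target = posixpath.join(root, stored)
    # Defence in depth: verify containment after the path is built.
    if not is_contained(target, root):
        raise ValueError("path escapes upload root: %r" % target)
    return target

if __name__ == "__main__":
    # Constructed sample filenames, as they might arrive in a POST body.
    for name in ["report.txt", "../../etc/passwd", "..\\..\\boot.ini", ".."]:
        naive = naive_target(name)
        try:
            outcome = safe_target(name)
        except ValueError as exc:
            outcome = str(exc)
        print("%-20r naive=%s contained=%s safe=%s"
              % (name, naive, is_contained(naive), outcome))
```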
Weakness Enumeration
Path traversal
Affected Products
Gigavue