PT-2020-13074 · Gigamon · Gigavue

Balazs Hambalko · Published 2020-04-29 · Updated 2020-05-18 · CVE-2020-12252

CVSS v3.1: 6.2 (Medium)

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Gigamon GigaVUE version 5.5.01.11

Description: An issue was discovered in the upload functionality, allowing an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, it could yield remote code execution via the filename parameter.

Recommendations: For Gigamon GigaVUE version 5.5.01.11, consider restricting access to the upload functionality to prevent arbitrary file uploads until a patch is available. As a temporary workaround, avoid using the filename parameter in the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-12252

Affected Products

Gigavue