CVE-2020-3490

Name of the Vulnerable Software and Affected Versions Cisco Vision Dynamic Signage Director (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The issue exists due to the interface's failure to properly validate user-supplied input. An attacker could exploit this by sending a crafted HTTP request containing directory traversal character sequences to an affected system, potentially allowing them to read files on the underlying operating system with root privileges.

Recommendations To resolve the issue, update the Cisco Vision Dynamic Signage Director to a version that properly validates user-supplied input in the web-based management interface. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.