CVE-2020-5804

Name of the Vulnerable Software and Affected Versions: Marvell QConvergeConsole GUI versions 5.5.0.74 and earlier

Description: The issue concerns a path traversal vulnerability. Specifically, the deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. This allows an authenticated, remote attacker to delete arbitrary remote files as SYSTEM or root.

Recommendations: For Marvell QConvergeConsole GUI versions 5.5.0.74 and earlier, consider disabling the deleteEventLogFile method of the GWTTestServiceImpl class until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.