CVE-2024-20345 - OpenCVE

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2024-03-06T16:33:48.826Z

Updated: 2024-06-04T17:40:16.160Z

Reserved: 2023-11-08T15:08:07.643Z

Link: CVE-2024-20345

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-06T17:15:09.973

Modified: 2024-03-07T13:52:27.110

Link: CVE-2024-20345

JSON object: View

Redhat Information

No data.

CWE

CWE-26

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20345", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.643Z", "datePublished": "2024-03-06T16:33:48.826Z", "dateUpdated": "2024-06-04T17:40:16.160Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-03-06T16:33:48.826Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device."}], "affected": [{"vendor": "Cisco", "product": "Cisco AppDynamics", "versions": [{"version": "21.2.0", "status": "affected"}, {"version": "21.2.1", "status": "affected"}, {"version": "21.2.2", "status": "affected"}, {"version": "21.2.3", "status": "affected"}, {"version": "21.2.6", "status": "affected"}, {"version": "21.2.7", "status": "affected"}, {"version": "21.2.8", "status": "affected"}, {"version": "21.4.0", "status": "affected"}, {"version": "21.4.10", "status": "affected"}, {"version": "21.4.11", "status": "affected"}, {"version": "21.4.2", "status": "affected"}, {"version": "21.4.3", "status": "affected"}, {"version": "21.4.4", "status": "affected"}, {"version": "21.4.5", "status": "affected"}, {"version": "21.4.6", "status": "affected"}, {"version": "21.4.7", "status": "affected"}, {"version": "21.4.8", "status": "affected"}, {"version": "21.4.9", "status": "affected"}, {"version": "21.11.0", "status": "affected"}, {"version": "21.5.0", "status": "affected"}, {"version": "21.6.0", "status": "affected"}, {"version": "21.12.0", "status": "affected"}, {"version": "21.12.2", "status": "affected"}, {"version": "21.12.1", "status": "affected"}, {"version": "22.1.0", "status": "affected"}, {"version": "22.1.1", "status": "affected"}, {"version": "22.11.0", "status": "affected"}, {"version": "22.3.0", "status": "affected"}, {"version": "22.10.0", "status": "affected"}, {"version": "22.12.0", "status": "affected"}, {"version": "22.12.1", "status": "affected"}, {"version": "21.7.0", "status": "affected"}, {"version": "22.8.0", "status": "affected"}, {"version": "23.2.0", "status": "affected"}, {"version": "23.4.0", "status": "affected"}, {"version": "23.7.1", "status": "affected"}, {"version": "23.7.0", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Path Traversal", "type": "cwe", "cweId": "CWE-26"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF", "name": "cisco-sa-appd-traversal-m7N8mZpF"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-appd-traversal-m7N8mZpF", "discovery": "INTERNAL", "defects": ["CSCwh18934"]}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20345", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-07T16:48:25.947850Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:40:16.160Z"}}]}}