CVE-2020-5804: Path Traversal
First published: Fri Jan 08 2021(Updated: )
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Marvell Qconvergeconslole Gui | <=5.5.0.74 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of Marvell QConvergeConsole GUI vulnerability?
The vulnerability ID of Marvell QConvergeConsole GUI vulnerability is CVE-2020-5804.
What is the severity of CVE-2020-5804?
The severity of CVE-2020-5804 is high with a CVSS score of 8.1.
How does CVE-2020-5804 impact Marvell QConvergeConsole GUI?
CVE-2020-5804 affects Marvell QConvergeConsole GUI version <= 5.5.0.74 by allowing authenticated remote attackers to perform unauthorized file deletion operations.
Is authentication required to exploit CVE-2020-5804?
Yes, authentication is required for exploiting CVE-2020-5804.
Are there any patches or fixes available for CVE-2020-5804?
At the moment, there are no specific patches or fixes available for CVE-2020-5804. It is recommended to update to a version higher than 5.5.0.74 if one becomes available or follow any vendor recommendations.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/marvell
- canonical/marvell qconvergeconslole gui
- version/marvell qconvergeconslole gui/5.5.0.74