CVE-2024-20345: Path Traversal
First published: Wed Mar 06 2024(Updated: )
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.
Credit: psirt@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AppDynamics | ||
| Cisco AppDynamics | <23.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF
- https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-path-traversal-vulnerabilities/
- https://www.theregister.com/2024/05/06/cisa_alert_dt_bugs/
- https://www.theregister.com/2024/09/20/patch_up_ivanti_fixes_exploited/
Frequently Asked Questions
What is the severity of CVE-2024-20345?
CVE-2024-20345 is classified as a high severity vulnerability due to its potential for directory traversal attacks.
How do I fix CVE-2024-20345?
To fix CVE-2024-20345, ensure that your Cisco AppDynamics Controller software is updated to the latest version that includes patches for this vulnerability.
What type of attack can be executed using CVE-2024-20345?
CVE-2024-20345 can be exploited to conduct directory traversal attacks, allowing unauthorized access to the server's file system.
Who is affected by CVE-2024-20345?
CVE-2024-20345 affects users of Cisco AppDynamics Controller that have the vulnerable file upload functionality.
Is CVE-2024-20345 a remote vulnerability?
Yes, CVE-2024-20345 can be exploited by authenticated remote attackers.
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-1708
- alias/CVE-2024-20345
- alias/CVE-2024-1709
- collector/the-register
- source/The Register
- alias/CVE-2024-8963
- alias/CVE-2024-8190
- agent/references
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/weakness
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco appdynamics