CVE-2024-20345

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Mar 6, 2024
Updated: Mar 7, 2024
CWE ID 26

Summary

CVE-2024-20345 is a vulnerability affecting Cisco AppDynamics Controller's file upload functionality. This issue allows authenticated, remote attackers to perform directory traversal attacks, potentially accessing sensitive data on impacted devices. The root cause is insufficient validation of user-supplied input during file uploads, enabling attackers to manipulate requests and navigate outside intended directories. A successful exploit could result in unauthorized access to confidential information.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share