nvd-json-data-feeds/CVE-2020/CVE-2020-122xx/CVE-2020-12252.json

{
  "id": "CVE-2020-12252",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-04-29T14:15:19.027",
  "lastModified": "2020-05-18T15:48:01.563",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Gigamon GigaVUE versi\u00f3n 5.5.01.11. La funcionalidad de carga permite una carga de archivos arbitrarios para un usuario autenticado. Si se sube un archivo ejecutable al directorio www-root, entonces podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo remota por medio del par\u00e1metro filename."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.4",
              "versionEndExcluding": "5.4.04",
              "matchCriteriaId": "D0F7A693-C18C-4161-B7DA-87B225BAEB7F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.5",
              "versionEndExcluding": "5.5.02",
              "matchCriteriaId": "6C3ABC43-2D02-4EE5-81B9-A4A19530B8C6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.6",
              "versionEndExcluding": "5.6.02",
              "matchCriteriaId": "99A1B0E4-F3E4-41D9-9F4A-1417B905A954"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.7",
              "versionEndExcluding": "5.7.04",
              "matchCriteriaId": "1DC0D650-83F7-4DD3-8A45-A80DE070BA59"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.8",
              "versionEndExcluding": "5.8.02",
              "matchCriteriaId": "52761149-190E-4F36-AB31-F5301C1163D8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.9",
              "versionEndExcluding": "5.9.00.04",
              "matchCriteriaId": "C112A4F9-8D70-4577-B28F-D4C414219064"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://seclists.org/fulldisclosure/2020/Apr/56",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    }
  ]
}