nvd-json-data-feeds/CVE-2020/CVE-2020-122xx/CVE-2020-12251.json

{
  "id": "CVE-2020-12251",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-04-29T14:15:18.887",
  "lastModified": "2024-11-21T04:59:22.960",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Gigamon GigaVUE versi\u00f3n 5.5.01.11. La funcionalidad de carga permite a un usuario autenticado cambiar el valor del  filename (en el m\u00e9todo POST) a partir del filename original para lograr un salto de directorio por medio de una secuencia ../ y, por ejemplo, obtener un listado completo del directorio de la m\u00e1quina."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 2.2,
          "baseSeverity": "LOW",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "baseScore": 3.5,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.4",
              "versionEndExcluding": "5.4.04",
              "matchCriteriaId": "D0F7A693-C18C-4161-B7DA-87B225BAEB7F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.5",
              "versionEndExcluding": "5.5.02",
              "matchCriteriaId": "6C3ABC43-2D02-4EE5-81B9-A4A19530B8C6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.6",
              "versionEndExcluding": "5.6.02",
              "matchCriteriaId": "99A1B0E4-F3E4-41D9-9F4A-1417B905A954"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.7",
              "versionEndExcluding": "5.7.04",
              "matchCriteriaId": "1DC0D650-83F7-4DD3-8A45-A80DE070BA59"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.8",
              "versionEndExcluding": "5.8.02",
              "matchCriteriaId": "52761149-190E-4F36-AB31-F5301C1163D8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.9",
              "versionEndExcluding": "5.9.00.04",
              "matchCriteriaId": "C112A4F9-8D70-4577-B28F-D4C414219064"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://seclists.org/fulldisclosure/2020/Apr/56",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://seclists.org/fulldisclosure/2020/Apr/56",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    }
  ]
}