← Back

CVE-2020-12252

nvd nist
Published: Apr 29, 2020Modified: Jun 17, 2026

JSON object

Loading...
6.2
Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H
Exploitability: 0.7 / Impact: 5.5
Source: NVD

Description

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter.

Affected (6)

Products: Gigamon: Gigavue
Gigamon
1 product
Gigavue
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gigamon
Gigavue
From 5.4 to 5.4.04
Gigavue
From 5.5 to 5.5.02
Gigavue
From 5.6 to 5.6.02
Gigavue
From 5.7 to 5.7.04
Gigavue
From 5.8 to 5.8.02
Gigavue
From 5.9 to 5.9.00.04

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.