CVE-2020-5804

Description

Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.

CVSS Version 3.1
CVSS Version 2.0

nvd
CVE ID: CVE-2020-5804
Base Score: 8.1
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Impact Score: 5.2
Exploitability Score: 2.8

nvd
CVE ID: CVE-2020-5804
Base Score: 8.5
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:S/C:N/I:C/A:C

Refrence: NVD

Description​

Description