VDB

CVE-2024-20345

CVE-2024-20345 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.

EPSS 0.31% · 54.7th percentile

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.31%
54.7th percentile

Affected Products

VendorProductVersions
CiscoCisco AppDynamics21.2.0, 22.1.0, 21.12.1
ciscoappdynamics_controller0, 0, 0

Exploit Intelligence

Timeline

  • Mar 6, 2024 CVE Published
  • Mar 7, 2024 EPSS Score
  • Apr 2, 2024 EPSS Score
  • Apr 29, 2024 EPSS Score
  • May 10, 2024 VulnCheck KEV Exploitation
  • May 25, 2024 EPSS Score
  • Jun 21, 2024 EPSS Score
  • Jul 17, 2024 EPSS Score
  • Aug 13, 2024 EPSS Score
  • Sep 8, 2024 EPSS Score
  • Oct 4, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›