VDB
CVE-2024-20345
CVE-2024-20345
PUBLISHED
CVSS 6.5 MEDIUM
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.
EPSS 0.31% · 54.7th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.31%
54.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco AppDynamics | 21.2.0, 22.1.0, 21.12.1 |
| cisco | appdynamics_controller | 0, 0, 0 |
Exploit Intelligence
- cisco-sa-appd-traversal-m7N8mZpF (circl)
- https://www.tenable.com/blog/cybersecurity-snapshot-new-guide-explains-how-to-assess-if-software-is-secure-by-design-while (vulncheck)
- (vulncheck-reported-exploitation)
- (vulncheck-reported-exploitation)
- (vulncheck-reported-exploitation)
Timeline
- Mar 6, 2024 CVE Published
- Mar 7, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- May 10, 2024 VulnCheck KEV Exploitation
- May 25, 2024 EPSS Score
- Jun 21, 2024 EPSS Score
- Jul 17, 2024 EPSS Score
- Aug 13, 2024 EPSS Score
- Sep 8, 2024 EPSS Score
- Oct 4, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score