Arbitrary File Upload Vulnerability in Gigamon GigaVUE 5.5.01.11

CVE-2020-12252 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter.

Learn more about our User Device Pen Test.