QSC Q-SYS Core Manager 8.2.1 TFTP Directory Traversal Vulnerability

QSC Q-SYS Core Manager 8.2.1 TFTP Directory Traversal Vulnerability

CVE-2020-24990 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.

Learn more about our Web Application Penetration Testing UK.