Path Traversal Vulnerability in Marvell QConvergeConsole GUI

Path Traversal Vulnerability in Marvell QConvergeConsole GUI

CVE-2020-5804 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.

Learn more about our User Device Pen Test.