CVE-2020-24990
N/A
N/A
Summary
An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm
- http://seclists.org/fulldisclosure/2020/Oct/30
- http://packetstormsecurity.com/files/159699/QSC-Q-SYS-Core-Manager-8.2.1-Directory-Traversal.html
References
- https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm
- http://seclists.org/fulldisclosure/2020/Oct/30
- http://packetstormsecurity.com/files/159699/QSC-Q-SYS-Core-Manager-8.2.1-Directory-Traversal.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.