CVE-2024-20345
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco AppDynamics | 21.2.0 | affected |
| Cisco | Cisco AppDynamics | 21.2.1 | affected |
| Cisco | Cisco AppDynamics | 21.2.2 | affected |
| Cisco | Cisco AppDynamics | 21.2.3 | affected |
| Cisco | Cisco AppDynamics | 21.2.6 | affected |
| Cisco | Cisco AppDynamics | 21.2.7 | affected |
| Cisco | Cisco AppDynamics | 21.2.8 | affected |
| Cisco | Cisco AppDynamics | 21.4.0 | affected |
| Cisco | Cisco AppDynamics | 21.4.10 | affected |
| Cisco | Cisco AppDynamics | 21.4.11 | affected |
| Cisco | Cisco AppDynamics | 21.4.2 | affected |
| Cisco | Cisco AppDynamics | 21.4.3 | affected |
| Cisco | Cisco AppDynamics | 21.4.4 | affected |
| Cisco | Cisco AppDynamics | 21.4.5 | affected |
| Cisco | Cisco AppDynamics | 21.4.6 | affected |
| Cisco | Cisco AppDynamics | 21.4.7 | affected |
| Cisco | Cisco AppDynamics | 21.4.8 | affected |
| Cisco | Cisco AppDynamics | 21.4.9 | affected |
| Cisco | Cisco AppDynamics | 21.11.0 | affected |
| Cisco | Cisco AppDynamics | 21.5.0 | affected |
| Cisco | Cisco AppDynamics | 21.6.0 | affected |
| Cisco | Cisco AppDynamics | 21.12.0 | affected |
| Cisco | Cisco AppDynamics | 21.12.2 | affected |
| Cisco | Cisco AppDynamics | 21.12.1 | affected |
| Cisco | Cisco AppDynamics | 22.1.0 | affected |
| Cisco | Cisco AppDynamics | 22.1.1 | affected |
| Cisco | Cisco AppDynamics | 22.11.0 | affected |
| Cisco | Cisco AppDynamics | 22.3.0 | affected |
| Cisco | Cisco AppDynamics | 22.10.0 | affected |
| Cisco | Cisco AppDynamics | 22.12.0 | affected |
| Cisco | Cisco AppDynamics | 22.12.1 | affected |
| Cisco | Cisco AppDynamics | 21.7.0 | affected |
| Cisco | Cisco AppDynamics | 22.8.0 | affected |
| Cisco | Cisco AppDynamics | 23.2.0 | affected |
| Cisco | Cisco AppDynamics | 23.4.0 | affected |
| Cisco | Cisco AppDynamics | 23.7.1 | affected |
| Cisco | Cisco AppDynamics | 23.7.0 | affected |
Weaknesses
- CWE-26: Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.