CVE-2020-27130

CRITICAL Year: 2020
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-35
View all →

Vulnerability Description

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.

Related Vulnerabilities

CVE-2024-40505

CRITICAL
CVSS:9.3(Critical)

Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.

CWE-352024

CVE-2024-56045

CRITICAL
CVSS:9.3(Critical)

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.

CWE-352024

CVE-2023-46690

HIGH
CVSS:8.8(High)

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution.

CWE-352023

CVE-2023-5800

HIGH
CVSS:8.8(High)

Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw c...

CWE-352023

CVE-2024-0113

HIGH
CVSS:8.8(High)

NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this...

CWE-352024

CVE-2024-1886

HIGH
CVSS:8.8(High)

This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.

CWE-352024