A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to read files on the underlying operating system with root privileges. To exploit this vulnerability, the attacker would need to have administrative privileges on the affected system.
                
            Metrics
Affected Vendors & Products
References
        History
                    Wed, 13 Nov 2024 19:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: cisco
Published: 2020-08-26T16:16:07.961933Z
Updated: 2024-11-13T18:12:08.392Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3490
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-08-04T07:37:54.454Z
 NVD
                        NVD
                    Status : Modified
Published: 2020-08-26T17:15:14.037
Modified: 2024-11-21T05:31:10.593
Link: CVE-2020-3490
 Redhat
                        Redhat
                    No data.