An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-28T18:49:24

Updated: 2024-08-04T15:26:09.144Z

Reserved: 2020-08-28T00:00:00

Link: CVE-2020-24990

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-28T19:15:13.620

Modified: 2024-11-21T05:16:23.833

Link: CVE-2020-24990

cve-icon Redhat

No data.