An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-28T18:49:24
Updated: 2024-08-04T15:26:09.144Z
Reserved: 2020-08-28T00:00:00
Link: CVE-2020-24990
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-28T19:15:13.620
Modified: 2024-11-21T05:16:23.833
Link: CVE-2020-24990
Redhat
No data.