{"api_version":"1","generated_at":"2026-04-25T11:01:19+00:00","cve":"CVE-2020-12251","urls":{"html":"https://cve.report/CVE-2020-12251","api":"https://cve.report/api/cve/CVE-2020-12251.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-12251","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-12251"},"summary":{"title":"CVE-2020-12251","description":"An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-04-29 14:15:00","updated_at":"2020-05-18 15:47:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://seclists.org/fulldisclosure/2020/Apr/56","name":"https://seclists.org/fulldisclosure/2020/Apr/56","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: Gigamon - GigaVUE 0day","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html","name":"http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"Gigamon GigaVUE 5.5.01.11 Directory Traversal / File Upload ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-12251","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12251","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"12251","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigamon","cpe5":"gigavue","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12251","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gigamon","cpe5":"gigavue","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-12251","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://seclists.org/fulldisclosure/2020/Apr/56","url":"https://seclists.org/fulldisclosure/2020/Apr/56"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html","url":"http://packetstormsecurity.com/files/157484/Gigamon-GigaVUE-5.5.01.11-Directory-Traversal-File-Upload.html"}]}},"nvd":{"publishedDate":"2020-04-29 14:15:00","lastModifiedDate":"2020-05-18 15:47:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.2,"baseSeverity":"LOW"},"exploitabilityScore":0.7,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.4.04","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.5.02","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.6.02","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.7.04","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"5.8.02","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gigamon:gigavue:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndExcluding":"5.9.00.04","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"12251","Ordinal":"173391","Title":"CVE-2020-12251","CVE":"CVE-2020-12251","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"12251","Ordinal":"1","NoteData":"An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"12251","Ordinal":"2","NoteData":"2020-04-29","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"12251","Ordinal":"3","NoteData":"2020-04-29","Type":"Other","Title":"Modified"}]}}}