Skip to main content

Qconvergeconsole CVE-2020-5803

HIGH
Path Traversal (CWE-22)
2020-12-18 vulnreport@tenable.com
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 18, 2020 - 21:15 nvd
HIGH 8.1

DescriptionNVD

Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root.

AnalysisAI

Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. Affected products include: Marvell Qconvergeconsole.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2025-6793 CRITICAL POC
9.4 Jul 07

Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulne

CVE-2025-6794 CRITICAL
9.8 Jul 07

Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows r

CVE-2020-15645 HIGH POC
8.8 Aug 25

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConso

CVE-2020-15643 HIGH POC
8.8 Aug 25

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConso

CVE-2025-6805 CRITICAL
9.1 Jul 07

Marvell QConvergeConsole deleteEventLogFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerabilit

CVE-2025-6798 CRITICAL
9.1 Jul 07

Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability all

CVE-2025-6802 CRITICAL
9.8 Jul 07

Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability

CVE-2025-6804 HIGH
7.5 Jul 07

Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability. This vulner

CVE-2025-6803 HIGH
7.5 Jul 07

Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability. This vulnerabilit

CVE-2025-6800 HIGH
7.5 Jul 07

Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerabili

CVE-2025-6799 HIGH
7.5 Jul 07

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability

CVE-2025-6797 HIGH
7.5 Jul 07

Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability

Share

CVE-2020-5803 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy