CVE-2024-12806 — Path Traversal: '/absolute/pathname/here' in Sonicos
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 73.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 9
Description
A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6
Affected Packages1 packages
🔴Vulnerability Details
2CVEList▶
CVE-2024-12806: A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file↗2025-01-09
GHSA▶
GHSA-f6f8-8wvp-pj55: A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file↗2025-01-09