Marvell QConvergeConsole Directory Traversal Information Disclosure Vulnerability

Vulnerability

A directory traversal vulnerability allowing information disclosure has been identified in Marvell QConvergeConsole. This issue arises in the restoreESwitchConfig method, where user-supplied paths are not properly validated before being used in file operations. As a result, remote attackers can exploit this vulnerability to access sensitive information in the context of the SYSTEM user. Notably, authentication is not required to exploit this vulnerability.
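The missing check described above, as an added example (not QConvergeConsole code, and not from the vendor or this advisory): a client-supplied path is resolved and confirmed to stay inside one allowed directory before any file operation uses it. The function names, the `cfg` directory and the sample requests are assumptions constructed for illustration.

```python
import os
import tempfile


class PathRejected(ValueError):
    """The requested path would leave the allowed directory."""


def resolve_within(base_dir, user_path):
    """Return the real path of user_path under base_dir or raise PathRejected."""
    if not user_path or "\x00" in user_path:
        raise PathRejected("empty path or NUL byte")
    # Treat backslash and slash alike so a backslash-separated '..' chain
    # is caught on any platform.
    normalized = user_path.replace("\\", "/")
    # Conservative choice: refuse rooted paths and anything containing ':'
    # (drive letters, alternate data streams).
    if normalized.startswith("/") or ":" in normalized:
        raise PathRejected("absolute or drive-qualified path")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(base, *normalized.split("/")))
    # commonpath compares whole components, so a sibling such as 'cfg_old'
    # is not mistaken for a child of 'cfg' the way a startswith() test would.
    if os.path.commonpath([base, candidate]) != base:
        raise PathRejected("escapes base directory")
    return candidate


def check_samples():
    """Run constructed sample requests against a temporary directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "cfg")  # hypothetical allowed directory
        os.makedirs(base)
        os.makedirs(os.path.join(root, "cfg_old"))  # sibling outside the base
        samples = ["switch1.cfg", "sub/../switch1.cfg", "../cfg_old/secret.txt",
                   "..\\..\\other\\file.txt", "/abs/file.txt", "C:\\abs\\file.txt"]
        for request in samples:
            try:
                resolve_within(base, request)
                results[request] = "allowed"
            except PathRejected as exc:
                results[request] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for request, outcome in check_samples().items():
        print(f"{request!r:32} {outcome}")
```
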

Impact

Exploitation of this vulnerability leads to unauthorized disclosure of sensitive information.

Remediation

Marvell QConvergeConsole has reached its End of Life and End of Support status, with the last supported version being 5.5.0.85, released in January 2022. The vendor no longer supports or recommends this tool.

Added: Jul 7, 2025, 3:35 PM
Updated: Jul 7, 2025, 3:35 PM

Vulnerability Rating

Custom Algorithm
spread: 1.2
impact: 3.3
exploitability: 4.7
remediation: 3.7
relevance: 0.2
threat: 0.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.