Marvell QConvergeConsole Directory Traversal Vulnerability Allowing Arbitrary File Write

Vulnerability

A directory traversal vulnerability allowing arbitrary file writing has been identified in Marvell QConvergeConsole. This issue arises in the saveNICParamsToFile method, where user-supplied paths are not properly validated before being used in file operations. As a result, remote attackers can exploit this vulnerability to create files on the affected system, with the writes occurring in the context of the SYSTEM user. Notably, no authentication is required to exploit this vulnerability.
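The validation that the paragraph above describes as missing, shown as an added example (not code from Marvell or from this advisory). It assumes a Windows host, as the SYSTEM context implies. The base directory and the function names `resolve_under` and `is_allowed` are hypothetical, and Python is used only for illustration.

```python
import re
from pathlib import PureWindowsPath

# Hypothetical export directory; the advisory does not name the real one.
BASE_DIR = PureWindowsPath(r"C:\ProgramData\ExampleApp\nic-params")

# Allowlist for one path segment: letters, digits, "_" and "-", with single
# dots only between such runs. Excludes "..", ":", spaces and trailing dots.
SEGMENT_RE = re.compile(r"[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*")

# Win32 device names, which are special regardless of extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"}
RESERVED |= {f"{dev}{n}" for dev in ("COM", "LPT") for n in range(1, 10)}


def resolve_under(base, user_path):
    """Return base/user_path, or raise ValueError if it could leave base."""
    if not user_path or "\x00" in user_path:
        raise ValueError("empty path or NUL byte")
    rel = PureWindowsPath(user_path)  # treats both "/" and "\" as separators
    if rel.drive or rel.root:
        raise ValueError("absolute, drive-relative or UNC path")
    if not rel.parts:
        raise ValueError("no file name")
    for part in rel.parts:
        if not SEGMENT_RE.fullmatch(part):
            raise ValueError(f"segment not allowed: {part!r}")
        if part.split(".")[0].upper() in RESERVED:
            raise ValueError(f"reserved device name: {part!r}")
    candidate = base / rel
    # Defence in depth: the joined path must still sit below the base.
    if base not in candidate.parents:
        raise ValueError("escapes base directory")
    return candidate


def is_allowed(user_path, base=BASE_DIR):
    """Boolean wrapper around resolve_under for use in request handlers."""
    try:
        resolve_under(base, user_path)
        return True
    except ValueError:
        return False
```

The check is purely lexical; a service that writes the file should also confirm that no directory in the resolved path is a junction or symbolic link leading outside the base directory.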

Impact

Exploitation of this vulnerability allows for arbitrary file creation on the affected system, with the potential for those files to be written in the context of the SYSTEM user.

Remediation

Marvell QConvergeConsole is no longer supported or recommended by the vendor. The product has reached End of Life and End of Support status after version 5.5.0.85 was released in January 2022.

Added: Jul 7, 2025, 3:33 PM
Updated: Jul 7, 2025, 3:33 PM

Vulnerability Rating

Custom Algorithm

spread: 1.2
impact: 2.5
exploitability: 4.7
remediation: 3.7
relevance: 0.2
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.