CWE-37
Path Traversal: '/absolute/pathname/here'
VariantDraft
Description
The product accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation, which can allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Hierarchy (View 1000)
CVEs mapped to this weakness (1)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-12806 | Med | 0.32 | 4.9 | 0.00 | Jan 9, 2025 | A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. |