CVE-2025-8426
Marvell · Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Multiple Products
Executive summary
A critical vulnerability has been identified in Marvell QConvergeConsole, which could allow a remote, unauthenticated attacker to read sensitive files from the underlying server and cause a system crash. Successful exploitation could lead to the disclosure of confidential data, such as credentials and system configurations, and result in a denial of service, disrupting business operations. Due to the high severity score, immediate remediation is strongly recommended.
Vulnerability
The vulnerability exists within the compressConfigFiles function of the Marvell QConvergeConsole. This function fails to properly sanitize user-supplied input for file or directory paths. A remote attacker can craft a malicious request containing directory traversal sequences (e.g., ../../) to navigate outside of the intended directory, allowing them to access and read arbitrary files on the server's filesystem. Furthermore, attempting to access certain system-critical files or device files could cause the application to become unstable and crash, leading to a Denial-of-Service (DoS) condition.
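The advisory describes the root cause as a path that is taken from the request and used without confinement to the intended directory. The following Python function is an added example of the check such a handler needs; it is not code from QConvergeConsole, and the root directory, the function name and the sample inputs are constructed for illustration. It decodes percent-encoding (including double-encoded forms), normalises backslashes, canonicalises the result and accepts it only if it still lies inside the configured root.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed root directory for the example; the product's real
# configuration location is not stated in the advisory.
CONFIG_ROOT = "/opt/example/qcc/config"


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    %2e%2e%2f and double-encoded %252e%252e%252f are both judged in
    their decoded form rather than as harmless-looking literals."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_config_path(user_supplied: str, root: str = CONFIG_ROOT) -> Optional[str]:
    """Return the canonical absolute path for a caller-supplied file name,
    or None if the name would resolve outside `root` (or to `root` itself).

    Hypothetical helper: it stands in for the missing sanitisation the
    advisory describes, it is not the vendor's implementation.
    """
    decoded = fully_decode(user_supplied)
    # Treat backslashes as separators so '..\' sequences are caught on any host.
    decoded = decoded.replace("\\", "/")
    # Embedded NULs have historically truncated paths in lower layers; reject outright.
    if "\0" in decoded:
        return None
    root_real = os.path.realpath(root)
    # os.path.join discards `root` when `decoded` is absolute, which is
    # exactly why the containment check below is on the *resolved* path.
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if candidate == root_real:
        return None
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name, the rest traversal variants.
    for name in ("adapter.cfg", "sub/../adapter.cfg", "../../../etc/passwd",
                 "%2e%2e%2f%2e%2e%2fetc/passwd", "%252e%252e%252fetc%252fpasswd",
                 "..\\..\\windows\\win.ini", "/etc/passwd"):
        print(f"{name!r:40} -> {resolve_config_path(name)}")
```

The containment test is done after `realpath`, not by substring-matching `..`; a substring filter misses encoded and mixed-separator variants, while a canonicalised path either ends up under the root or it does not.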
Business impact
This vulnerability is rated as Critical with a CVSS score of 9.4, reflecting the high potential for significant business disruption. Exploitation can lead to an information disclosure event, where an attacker could steal sensitive corporate data, intellectual property, user credentials, or private keys stored on the affected system. The subsequent Denial-of-Service impact could interrupt critical infrastructure managed by the QConvergeConsole, leading to operational downtime, financial losses, and reputational damage. The ease of exploitation by a remote attacker elevates the risk to the organization.
Remediation
Immediate Action: Prioritize and apply the vendor-supplied security update to all affected instances of Marvell QConvergeConsole. Patches should be deployed in accordance with the organization's change management policies, with internet-facing or mission-critical systems being addressed first. After patching, review system and application access logs for any signs of compromise or attempted exploitation that may have occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for suspicious patterns in application or web server logs, specifically for requests to the compressConfigFiles endpoint containing directory traversal payloads such as ../, ..\, %2e%2e%2f, and their variants. Monitor system performance for unexpected service restarts, crashes, or sustained high CPU/memory usage, which could indicate a DoS attempt.
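The monitoring guidance above can be turned into a small log check. The script below is an added example, not part of the advisory or the vendor's tooling: it parses constructed web-server access log lines in Combined Log Format, keeps only requests whose target mentions the compressConfigFiles endpoint, decodes the target (including double-encoding) and flags any that contain a traversal sequence. The URL path prefix, the `file=` parameter, the IP addresses and the timestamps are all assumptions made for the sample data.

```python
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access log (Combined Log Format). The path prefix,
# parameter name and addresses are illustrative, not taken from the product.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2025:10:01:02 +0000] "GET /QConvergeConsole/compressConfigFiles?file=adapter.cfg HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2025:10:01:09 +0000] "GET /QConvergeConsole/compressConfigFiles?file=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.7 - - [12/Aug/2025:10:01:11 +0000] "GET /QConvergeConsole/compressConfigFiles?file=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 500 0 "-" "curl/8.0"
203.0.113.7 - - [12/Aug/2025:10:01:15 +0000] "GET /QConvergeConsole/compressConfigFiles?file=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 0 "-" "curl/8.0"
10.0.0.6 - - [12/Aug/2025:10:02:00 +0000] "GET /QConvergeConsole/index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.0.6 - - [12/Aug/2025:10:02:30 +0000] "GET /QConvergeConsole/compressConfigFiles?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1024 "-" "python-requests/2.31"
"""

# Minimal Combined Log Format parser: client address, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# '..' followed by either separator or end of string, evaluated on the decoded target.
TRAVERSAL_RE = re.compile(r"\.\.(?:[\\/]|$)")
ENDPOINT_MARKER = "compressConfigFiles"


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so %252e%252e%252f is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(log_text: str) -> List[Dict[str, object]]:
    """Return one record per request to the endpoint whose decoded target
    contains a traversal sequence. Status is kept because a 5xx next to a
    traversal attempt is worth correlating with the crash symptoms the
    advisory describes."""
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if ENDPOINT_MARKER not in target:
            continue
        decoded = fully_decode(target)
        if TRAVERSAL_RE.search(decoded):
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "decoded_target": decoded,
                # True when a single decode pass would not have revealed the sequence.
                "double_encoded": unquote(target) != decoded,
            })
    return hits


def summarize_by_source(hits: List[Dict[str, object]]) -> Counter:
    """Count flagged requests per client address for triage."""
    return Counter(str(h["ip"]) for h in hits)


if __name__ == "__main__":
    found = find_traversal_attempts(SAMPLE_LOG)
    for h in found:
        print(h)
    print(summarize_by_source(found))
```

Matching on the decoded form is what makes the `%2e%2e%2f`, `..%5c` and double-encoded variants from the guidance above land in the same bucket as plain `../`; a detector that only greps for the literal string `../` would report one of the four attempts in the sample.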
Compensating Controls: If immediate patching is not feasible, implement the following controls:
- Use a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rulesets designed to detect and block directory traversal attacks.
- Restrict network access to the QConvergeConsole management interface to a limited set of trusted IP addresses or administrative networks.
- Harden the underlying operating system by applying the principle of least privilege to the user account running the QConvergeConsole service, limiting its ability to read sensitive files outside its own directory.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical severity (CVSS 9.4) and the potential for both sensitive data theft and service disruption, this vulnerability poses a significant and immediate risk to the organization. We strongly recommend that all affected Marvell QConvergeConsole instances be patched immediately. The remediation plan should be executed with urgency, prioritizing systems based on their exposure and criticality. While this CVE is not yet on the CISA KEV list, its high severity warrants the same level of attention as a known exploited vulnerability.