CVE-2020-16152

Опубликовано: 14 нояб. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Высокий

Описание

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.

Ссылки

http://packetstormsecurity.com/files/164957/Aerohive-NetConfig-10.0r8a-Local-File-Inclusion-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2020-001
Vendor Advisory
http://packetstormsecurity.com/files/164957/Aerohive-NetConfig-10.0r8a-Local-File-Inclusion-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2020-001
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:extremenetworks:aerohive_netconfig:*:*:*:*:*:*:*:*

Версия до 10.0r8a (исключая)

cpe:2.3:h:extremenetworks:aerohive_netconfig:10.0r8a:-:*:*:*:*:*:*

cpe:2.3:h:extremenetworks:aerohive_netconfig:10.0r8a:build242466:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.84896

Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-829

Связанные уязвимости

GHSA-r23h-9vch-4xm4

github

больше 3 лет назад