Description
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
References
- Mailing List, Third Party Advisory
- Patch, Release Notes, Vendor Advisory
- Vendor Advisory
- Product
Vulnerable configurations
Configuration 1: version before 1.9.0 (exclusive)
All of
cpe:2.3:a:ui:edgeswitch_firmware:*:*:*:*:*:*:*:*
One of
cpe:2.3:h:ui:ep-16-xg:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:ep-s16:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-12f:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-16-150w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-24-250w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-24-500w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-24-lite:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-48-500w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-48-750w:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-48-lite:-:*:*:*:*:*:*:*
cpe:2.3:h:ui:es-8-150w:-:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
EPSS
Percentile: 94%
0.14944
Medium
8.8 High
CVSS3
9 Critical
CVSS2
Weaknesses
CWE-77
CWE-78
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.