Vulnerability Details CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.849
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/164957/Aerohive-NetConfig-10.0r8a-Local-File-Inclusion-Remote-Code-Execution.html
- https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2020-001
- http://packetstormsecurity.com/files/164957/Aerohive-NetConfig-10.0r8a-Local-File-Inclusion-Remote-Code-Execution.html
- https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2020-001
Products affected by CVE-2020-16152
-
cpe:2.3:h:extremenetworks:aerohive_netconfig:*
-
cpe:2.3:h:extremenetworks:aerohive_netconfig:10.0r8a