CVE-2019-5446

Published: Jul 10, 2019Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.

Affected (1)

Products: Ui: Edgeswitch Firmware

1 product

Edgeswitch Firmware

Configuration A

1 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Ui Edgeswitch Firmware	Before 1.8.2

Running on/with	Platform Versions
Ui Ep S16.	All versions
Ui Es 12f	All versions
Ui Es 16 150w	All versions
Ui Es 16 Xg	All versions
Ui Es 24 250w	All versions
Ui Es 24 500w	All versions
Ui Es 24 Lite	All versions
Ui Es 48 500w	All versions
Ui Es 48 750w	All versions
Ui Es 48 Lite	All versions
Ui Es 8 150w	All versions

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7

Source: support@hackerone.com

Release NotesVendor Advisory

https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-8-2/824d58b1-6027-49cf-878d-2076c01948b7

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.