CVE-2020-7824

Published: Aug 25, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.

Affected (2)

Products: Ericssonlg: Ipecs

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ericssonlg Ipecs	From 1.0.0 to 1.0.35
Ericssonlg Ipecs	From 2.0.0 to 2.10.14

Related CWEs

Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

http://www.ericssonlg.co.kr/

Source: vuln@krcert.or.kr

Product

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35572

Source: vuln@krcert.or.kr

Third Party Advisory

http://www.ericssonlg.co.kr/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35572

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.