← Back

CVE-2020-8234

nvd nist
Published: Aug 21, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.

Affected (1)

Products: Ui: Edgemax Firmware
Ui
1 product
Edgemax Firmware
Configuration A
1 vulnerable · 11 platform
Vulnerable SoftwareAffected Versions
Edgemax Firmware
Before 1.9.1
Running on/withPlatform Versions
Ui
Ep S16
All versions
Ui
Es 12f
All versions
Ui
Es 16 150w
All versions
Ui
Es 16 Xg
All versions
Ui
Es 24 250w
All versions
Ui
Es 24 500w
All versions
Ui
Es 24 Lite
All versions
Ui
Es 48 500w
All versions
Ui
Es 48 750w
All versions
Ui
Es 48 Lite
All versions
Ui
Es 8 150w
All versions

Related CWEs

CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (6)

Source: support@hackerone.com
Source: support@hackerone.com
Source: support@hackerone.com
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.