PT-2020-20044 · Ubiquiti+1 · Edgeswitch+1

Published

2020-08-17

Updated

2022-05-24

CVE-2020-8233

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EdgeSwitch firmware versions prior to 1.9.0

Description A command injection issue exists that allows an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, enabling them to escalate privileges.

Recommendations For EdgeSwitch firmware versions prior to 1.9.0, update to version 1.9.0 or later to resolve the issue.

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2020-8233

OPENSUSE-SU-2020:1652-1

OPENSUSE-SU-2020_1652-1

Affected Products

Edgeswitch

Suse

PT-2020-20044 · Ubiquiti+1 · Edgeswitch+1

CVE-2020-8233

Weakness Enumeration

Related Identifiers

Affected Products

References · 16