PT-2020-20045 · Ubiquiti · Edgemax Edgeswitch

Published 2020-08-21 · Updated 2025-06-10 · CVE-2020-8234

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

EdgeMax EdgeSwitch firmware versions prior to 1.9.1

Description

The SIDSSL cookie that the EdgeSwitch legacy web interface issues for the admin account can be guessed, allowing an attacker to obtain high privileges and get a root shell through command injection.

Recommendations

For versions prior to 1.9.1, update to version 1.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the legacy web interface to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2020-8234

Affected Products

Edgemax Edgeswitch