PT-2021-9865 · Extreme Networks · Hiveos+1

Published 2021-11-14 · Updated 2021-11-18 · CVE-2020-16152

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine versions through 10.0r8a

Description: The NetConfig UI administrative interface allows attackers to execute PHP code as the root user via remote HTTP requests. This is achieved by inserting PHP code into a log file and then traversing to that file.

Recommendations: For versions through 10.0r8a, consider restricting access to the NetConfig UI administrative interface until a patch is available. As a temporary workaround, limit the ability to insert code into log files and restrict file traversal to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2020-16152

Affected Products

Hiveos
Iq Engine