CVE-2020-16152
Summary
| CVE | CVE-2020-16152 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-14 21:15:00 UTC |
| Updated | 2021-11-18 16:47:00 UTC |
| Description | The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. |
Risk And Classification
Problem Types: CWE-829
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Extremenetworks | Aerohive Netconfig | All | All | All | All |
| Hardware | Extremenetworks | Aerohive Netconfig | 10.0r8a | - | All | All |
| Hardware | Extremenetworks | Aerohive Netconfig | 10.0r8a | build242466 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Search: | Extreme Portal | MISC | gtacknowledge.extremenetworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.