CVE-2020-8233
Summary
| CVE | CVE-2020-8233 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-17 16:15:00 UTC |
| Updated | 2022-05-24 17:03:00 UTC |
| Description | A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Opensuse | Backports Sle | 15.0 | sp1 | All | All |
| Application | Opensuse | Backports Sle | 15.0 | sp2 | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Application | Ui | Edgeswitch Firmware | All | All | All | All |
| Application | Ui | Edgeswitch Firmware | All | All | All | All |
| Hardware | Ui | Ep-16-xg | - | All | All | All |
| Hardware | Ui | Ep-16-xg | - | All | All | All |
| Hardware | Ui | Ep-s16 | - | All | All | All |
| Hardware | Ui | Ep-s16 | - | All | All | All |
| Hardware | Ui | Es-12f | - | All | All | All |
| Hardware | Ui | Es-12f | - | All | All | All |
| Hardware | Ui | Es-16-150w | - | All | All | All |
| Hardware | Ui | Es-16-150w | - | All | All | All |
| Hardware | Ui | Es-24-250w | - | All | All | All |
| Hardware | Ui | Es-24-250w | - | All | All | All |
| Hardware | Ui | Es-24-500w | - | All | All | All |
| Hardware | Ui | Es-24-500w | - | All | All | All |
| Hardware | Ui | Es-24-lite | - | All | All | All |
| Hardware | Ui | Es-24-lite | - | All | All | All |
| Hardware | Ui | Es-48-500w | - | All | All | All |
| Hardware | Ui | Es-48-500w | - | All | All | All |
| Hardware | Ui | Es-48-750w | - | All | All | All |
| Hardware | Ui | Es-48-750w | - | All | All | All |
| Hardware | Ui | Es-48-lite | - | All | All | All |
| Hardware | Ui | Es-48-lite | - | All | All | All |
| Hardware | Ui | Es-8-150w | - | All | All | All |
| Hardware | Ui | Es-8-150w | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2020:1652-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-7... | MISC | community.ui.com | Patch, Release Notes, Vendor Advisory |
| Ubiquiti Networks - Downloads | MISC | www.ui.com | Product |
| community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e6... | MISC | community.ui.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.