ID

VAR-202002-1023


CVE

CVE-2020-8126


TITLE

Vulnerability related to authority management in EdgeSwitch

Trust: 0.8

sources: JVNDB: JVNDB-2020-001740

DESCRIPTION

A privilege escalation vulnerability exists in EdgeSwitch prior to version 1.7.1: a CGI script does not fully sanitize user input, resulting in local command execution and allowing an operator user (Privilege-1) to escalate privileges and become administrator (Privilege-15). EdgeSwitch contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). A security vulnerability exists in EdgeSwitch versions prior to 1.7.1. The vulnerability stems from CGI scripts not adequately sanitizing user input. An attacker can exploit this vulnerability to execute local commands and elevate to administrator privileges (Privilege-1 to Privilege-15).

Trust: 1.71

sources: NVD: CVE-2020-8126 // JVNDB: JVNDB-2020-001740 // VULHUB: VHN-186251

AFFECTED PRODUCTS

vendor: ui, model: edgeswitch, scope: lt, version: 1.7.1

Trust: 1.0

vendor: ubiquiti, model: edgeswitch, scope: eq, version: 1.7.1

Trust: 0.8

sources: JVNDB: JVNDB-2020-001740 // NVD: CVE-2020-8126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8126
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-001740
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202002-222
value: MEDIUM

Trust: 0.6

VULHUB: VHN-186251
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-8126
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-001740
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-186251
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8126
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-001740
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186251 // JVNDB: JVNDB-2020-001740 // CNNVD: CNNVD-202002-222 // NVD: CVE-2020-8126

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.1

problemtype: CWE-269

Trust: 0.9

sources: VULHUB: VHN-186251 // JVNDB: JVNDB-2020-001740 // NVD: CVE-2020-8126

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-222

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202002-222

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001740

PATCH

title: Top Page, url: https://www.ui.com/

Trust: 0.8

title: EdgeSwitch Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108716

Trust: 0.6

sources: JVNDB: JVNDB-2020-001740 // CNNVD: CNNVD-202002-222

EXTERNAL IDS

db: NVD, id: CVE-2020-8126

Trust: 2.5

db: HACKERONE, id: 197958

Trust: 2.5

db: JVNDB, id: JVNDB-2020-001740

Trust: 0.8

db: CNNVD, id: CNNVD-202002-222

Trust: 0.7

db: VULHUB, id: VHN-186251

Trust: 0.1

sources: VULHUB: VHN-186251 // JVNDB: JVNDB-2020-001740 // CNNVD: CNNVD-202002-222 // NVD: CVE-2020-8126

REFERENCES

url: https://hackerone.com/reports/197958

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2020-8126

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8126

Trust: 0.8

sources: VULHUB: VHN-186251 // JVNDB: JVNDB-2020-001740 // CNNVD: CNNVD-202002-222 // NVD: CVE-2020-8126

SOURCES

db: VULHUB, id: VHN-186251
db: JVNDB, id: JVNDB-2020-001740
db: CNNVD, id: CNNVD-202002-222
db: NVD, id: CVE-2020-8126

LAST UPDATE DATE

2024-11-23T23:11:33.804000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-186251, date: 2021-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-001740, date: 2020-02-25T00:00:00
db: CNNVD, id: CNNVD-202002-222, date: 2021-01-04T00:00:00
db: NVD, id: CVE-2020-8126, date: 2024-11-21T05:38:20.710

SOURCES RELEASE DATE

db: VULHUB, id: VHN-186251, date: 2020-02-07T00:00:00
db: JVNDB, id: JVNDB-2020-001740, date: 2020-02-25T00:00:00
db: CNNVD, id: CNNVD-202002-222, date: 2020-02-07T00:00:00
db: NVD, id: CVE-2020-8126, date: 2020-02-07T15:15:11.867