CVE-2020-8233 - OpenCVE

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ui	Es-16-150w Edgeswitch Firmware Es-48-750w Es-48-lite Es-24-500w Es-8-150w Es-24-250w Ep-s16 Es-48-500w Es-24-lite Es-12f Ep-16-xg
Opensuse	Leap Backports Sle

Configuration 1 [-]

AND

cpe:2.3:a:ui:edgeswitch_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ui:ep-16-xg:-:::::::*
	cpe:2.3:h:ui:ep-s16:-:::::::*
	cpe:2.3:h:ui:es-12f:-:::::::*
	cpe:2.3:h:ui:es-16-150w:-:::::::*
	cpe:2.3:h:ui:es-24-250w:-:::::::*
	cpe:2.3:h:ui:es-24-500w:-:::::::*
	cpe:2.3:h:ui:es-24-lite:-:::::::*
	cpe:2.3:h:ui:es-48-500w:-:::::::*
	cpe:2.3:h:ui:es-48-750w:-:::::::*
	cpe:2.3:h:ui:es-48-lite:-:::::::*
	cpe:2.3:h:ui:es-8-150w:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:opensuse:backports_sle:15.0:sp1::::::
	cpe:2.3:a:opensuse:backports_sle:15.0:sp2::::::
	cpe:2.3:o:opensuse:leap:15.1:::::::*
	cpe:2.3:o:opensuse:leap:15.2:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html	Mailing List Third Party Advisory
https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c	Patch Release Notes Vendor Advisory
https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821	Vendor Advisory
https://www.ui.com/download/edgemax	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2020-08-17T15:41:19

Updated: 2020-10-10T23:06:22

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8233

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-17T16:15:13.857

Modified: 2022-05-24T17:03:55.223

Link: CVE-2020-8233

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "EdgeSwitch firmware v1.9.0 and prior", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed version EdgeSwitch firmware v1.9.1"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "Command Injection - Generic (CWE-77)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-10T23:06:22", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821"}, {"tags": ["x_refsource_MISC"], "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ui.com/download/edgemax"}, {"name": "openSUSE-SU-2020:1652", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8233", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EdgeSwitch firmware v1.9.0 and prior", "version": {"version_data": [{"version_value": "Fixed version EdgeSwitch firmware v1.9.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Command Injection - Generic (CWE-77)"}]}]}, "references": {"reference_data": [{"name": "https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821", "refsource": "MISC", "url": "https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821"}, {"name": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c", "refsource": "MISC", "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c"}, {"name": "https://www.ui.com/download/edgemax", "refsource": "MISC", "url": "https://www.ui.com/download/edgemax"}, {"name": "openSUSE-SU-2020:1652", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8233", "datePublished": "2020-08-17T15:41:19", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-10-10T23:06:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ui:edgeswitch_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "99D34145-C467-493B-8055-6CB58FE29C37", "versionEndExcluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:ep-16-xg:-:*:*:*:*:*:*:*", "matchCriteriaId": "AED6B48F-78E6-4BE2-A89C-36887E3CE63B", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:ep-s16:-:*:*:*:*:*:*:*", "matchCriteriaId": "C52B2CB9-844B-4720-BEC9-A73C9994C7AC", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-12f:-:*:*:*:*:*:*:*", "matchCriteriaId": "35E11BF8-2295-4DC3-B463-DC305B2ED456", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-16-150w:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD4B5024-6E26-4011-9392-26E304C0B00C", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-24-250w:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBA2938D-8AF2-47D5-B881-AD27A999989D", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-24-500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CDFD81A-C3D6-4B54-97C6-718FEB23C57C", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-24-lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "0085DBEE-368A-400D-A2E7-AC090CCD6324", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-48-500w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7AC5ECE-A2E4-4AD8-B65D-4B5CFFF0A044", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-48-750w:-:*:*:*:*:*:*:*", "matchCriteriaId": "287F2ABB-2855-4938-A5F3-857744ABC4E6", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-48-lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C8A7623-0F2F-49F3-81F4-515E29A907EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:es-8-150w:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD0CDC1D-D5F7-437D-9544-95E8DBFBF1F7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de inyecci\u00f3n de comandos en el firmware de EdgeSwitch versiones anteriores a v1.9.0, que permit\u00eda a un usuario autenticado de solo lectura ejecutar comandos de shell arbitrarios por medio de la interfaz HTTP, permiti\u00e9ndoles escalar privilegios."}], "id": "CVE-2020-8233", "lastModified": "2022-05-24T17:03:55.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-17T16:15:13.857", "references": [{"source": "support@hackerone.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html"}, {"source": "support@hackerone.com", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c"}, {"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821"}, {"source": "support@hackerone.com", "tags": ["Product"], "url": "https://www.ui.com/download/edgemax"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "support@hackerone.com", "type": "Secondary"}]}