Sign-up

ID

VAR-202008-0967


CVE

CVE-2020-8234


TITLE

EdgeMax EdgeSwitch firmware Session deadline vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-008603

DESCRIPTION

A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection. EdgeMax EdgeSwitch firmware Exists in a session deadline vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. EdgeSwitch is a poe gigabit switch launched by Ubiquiti Networks and belongs to the EdgeMAX series. There is a command injection vulnerability in EdgeSwitch versions before 1.9.1. The vulnerability stems from the predictable SIDSSL cookie of the old version of the EdgeSwitch administrator web interface. An attacker can use this vulnerability to obtain a high-privilege and root shell

Trust: 2.25

sources: NVD: CVE-2020-8234 // JVNDB: JVNDB-2020-008603 // CNVD: CNVD-2020-53785 // VULMON: CVE-2020-8234

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-53785

AFFECTED PRODUCTS

vendor:uimodel:edgemaxscope:ltversion:1.9.1

Trust: 1.0

vendor:ubiquitimodel:edgemaxscope:eqversion:1.9.1

Trust: 0.8

vendor:ubiquitimodel:networks edgeswitchscope:ltversion:1.9.1

Trust: 0.6

sources: CNVD: CNVD-2020-53785 // JVNDB: JVNDB-2020-008603 // NVD: CVE-2020-8234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8234
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-008603
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-53785
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202008-1075
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-8234
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-8234
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008603
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-53785
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-8234
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008603
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-53785 // VULMON: CVE-2020-8234 // JVNDB: JVNDB-2020-008603 // CNNVD: CNNVD-202008-1075 // NVD: CVE-2020-8234

PROBLEMTYPE DATA

problemtype:CWE-613

Trust: 1.8

sources: JVNDB: JVNDB-2020-008603 // NVD: CVE-2020-8234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1075

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202008-1075

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-008603

PATCH
title:edgemaxurl:https://www.ui.com/download/edgemax/
Trust: 0.8
title:Patch for EdgeSwitch command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/235492
Trust: 0.6
title:EdgeMax EdgeSwitch Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127229
Trust: 0.6
title:Security Matters 2022 Resource List
Table of Contentsurl:https://github.com/triw0lf/Security-Matters-22 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-53785 // 
            
            
            
            VULMON: CVE-2020-8234 // 
            
            
            
            JVNDB: JVNDB-2020-008603 // 
            
            
            
            CNNVD: CNNVD-202008-1075

EXTERNAL IDS
db:NVDid:CVE-2020-8234
Trust: 3.1
db:JVNDBid:JVNDB-2020-008603
Trust: 0.8
db:CNVDid:CNVD-2020-53785
Trust: 0.6
db:CNNVDid:CNNVD-202008-1075
Trust: 0.6
db:VULMONid:CVE-2020-8234
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-53785 // 
            
            
            
            VULMON: CVE-2020-8234 // 
            
            
            
            JVNDB: JVNDB-2020-008603 // 
            
            
            
            CNNVD: CNNVD-202008-1075 // 
            
            
            
            NVD: CVE-2020-8234

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-8234
Trust: 2.0
url:https://www.ui.com/download/edgemax
Trust: 1.7
url:https://community.ui.com/releases/security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821%2c
Trust: 1.1
url:https://community.ui.com/releases/edgemax-edgeswitch-firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c%2c
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8234
Trust: 0.8
url:https://community.ui.com/releases/security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821
Trust: 0.6
url:https://community.ui.com/releases/edgemax-edgeswitch-firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/613.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/triw0lf/security-matters-22
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-53785 // 
            
            
            
            VULMON: CVE-2020-8234 // 
            
            
            
            JVNDB: JVNDB-2020-008603 // 
            
            
            
            CNNVD: CNNVD-202008-1075 // 
            
            
            
            NVD: CVE-2020-8234

SOURCES
db:CNVDid:CNVD-2020-53785
db:VULMONid:CVE-2020-8234
db:JVNDBid:JVNDB-2020-008603
db:CNNVDid:CNNVD-202008-1075
db:NVDid:CVE-2020-8234

LAST UPDATE DATE
2024-11-23T22:21:03.703000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-53785date:2020-09-24T00:00:00
db:VULMONid:CVE-2020-8234date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2020-008603date:2020-09-16T00:00:00
db:CNNVDid:CNNVD-202008-1075date:2022-03-08T00:00:00
db:NVDid:CVE-2020-8234date:2024-11-21T05:38:33.570

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-53785date:2020-09-24T00:00:00
db:VULMONid:CVE-2020-8234date:2020-08-21T00:00:00
db:JVNDBid:JVNDB-2020-008603date:2020-09-16T00:00:00
db:CNNVDid:CNNVD-202008-1075date:2020-08-21T00:00:00
db:NVDid:CVE-2020-8234date:2020-08-21T21:15:12.027