Sign-up

ID

VAR-202008-0980


CVE

CVE-2020-8233


TITLE

Ubiquiti Networks EdgeSwitch operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-49702 // CNNVD: CNNVD-202008-859

DESCRIPTION

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. EdgeSwitch For firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Ubiquiti Networks EdgeSwitch is a gigabit network switch device of Ubiquiti Networks

Trust: 2.16

sources: NVD: CVE-2020-8233 // JVNDB: JVNDB-2020-009588 // CNVD: CNVD-2020-49702

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-49702

AFFECTED PRODUCTS

vendor:uimodel:edgeswitchscope:ltversion:1.9.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.2

Trust: 1.0

vendor:opensusemodel:backports slescope:eqversion:15.0

Trust: 1.0

vendor:ubiquitimodel:edgeswitchscope:eqversion:1.9.0

Trust: 0.8

vendor:ubiquitimodel:networks edgeswitchscope:eqversion:1.9.0

Trust: 0.6

sources: CNVD: CNVD-2020-49702 // JVNDB: JVNDB-2020-009588 // NVD: CVE-2020-8233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8233
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009588
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-49702
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202008-859
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-8233
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009588
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-49702
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-8233
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009588
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-49702 // JVNDB: JVNDB-2020-009588 // CNNVD: CNNVD-202008-859 // NVD: CVE-2020-8233

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:CWE-77

Trust: 1.0

sources: JVNDB: JVNDB-2020-009588 // NVD: CVE-2020-8233

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-859

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202008-859

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-009588

PATCH
title:Security advisory bulletin 014url:https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821
Trust: 0.8
title:EdgeMAX EdgeSwitch Firmware v1.9.1url:https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c
Trust: 0.8
title:EdgeMAXurl:https://www.ui.com/download/edgemax/
Trust: 0.8
title:Patch for Ubiquiti Networks EdgeSwitch operating system command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/232414
Trust: 0.6
title:Ubiquiti Networks EdgeSwitch Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126546
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-49702 // 
            
            
            
            JVNDB: JVNDB-2020-009588 // 
            
            
            
            CNNVD: CNNVD-202008-859

EXTERNAL IDS
db:NVDid:CVE-2020-8233
Trust: 3.0
db:JVNDBid:JVNDB-2020-009588
Trust: 0.8
db:CNVDid:CNVD-2020-49702
Trust: 0.6
db:NSFOCUSid:48737
Trust: 0.6
db:CNNVDid:CNNVD-202008-859
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-49702 // 
            
            
            
            JVNDB: JVNDB-2020-009588 // 
            
            
            
            CNNVD: CNNVD-202008-859 // 
            
            
            
            NVD: CVE-2020-8233

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-8233
Trust: 2.0
url:https://community.ui.com/releases/security-advisory-bulletin-014-014/1c32c056-2c64-4e60-ac23-ce7d8f387821
Trust: 1.6
url:https://community.ui.com/releases/edgemax-edgeswitch-firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c
Trust: 1.6
url:https://www.ui.com/download/edgemax
Trust: 1.6
url:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00019.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8233
Trust: 0.8
url:http://www.nsfocus.net/vulndb/48737
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-49702 // 
            
            
            
            JVNDB: JVNDB-2020-009588 // 
            
            
            
            CNNVD: CNNVD-202008-859 // 
            
            
            
            NVD: CVE-2020-8233

SOURCES
db:CNVDid:CNVD-2020-49702
db:JVNDBid:JVNDB-2020-009588
db:CNNVDid:CNNVD-202008-859
db:NVDid:CVE-2020-8233

LAST UPDATE DATE
2024-11-23T22:55:05.303000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-49702date:2020-08-31T00:00:00
db:JVNDBid:JVNDB-2020-009588date:2020-11-19T05:37:48
db:CNNVDid:CNNVD-202008-859date:2022-03-08T00:00:00
db:NVDid:CVE-2020-8233date:2024-11-21T05:38:33.437

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-49702date:2020-08-31T00:00:00
db:JVNDBid:JVNDB-2020-009588date:2020-11-19T05:37:48
db:CNNVDid:CNNVD-202008-859date:2020-08-17T00:00:00
db:NVDid:CVE-2020-8233date:2020-08-17T16:15:13.857