Vulnerability Details : CVE-2020-16152
Public exploit exists!
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
Vulnerability category: File inclusion
Exploit prediction scoring system (EPSS) score for CVE-2020-16152
- 80.63%: Probability of exploitation activity in the next 30 days
- ~ 98 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-16152
- Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
  Disclosure Date: 2020-02-17
  First seen: 2022-12-23
  exploit/unix/webapp/aerohive_netconfig_lfi_log_poison_rce
  This module exploits LFI and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme N
CVSS scores for CVE-2020-16152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-16152
- The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-16152
- https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2020-001
  Search: | Extreme Portal
  Vendor Advisory
- http://packetstormsecurity.com/files/164957/Aerohive-NetConfig-10.0r8a-Local-File-Inclusion-Remote-Code-Execution.html
  Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution ≈ Packet Storm
  Exploit; Third Party Advisory; VDB Entry
Products affected by CVE-2020-16152
- cpe:2.3:h:extremenetworks:aerohive_netconfig:*:*:*:*:*:*:*:*
- cpe:2.3:h:extremenetworks:aerohive_netconfig:10.0r8a:-:*:*:*:*:*:*
- cpe:2.3:h:extremenetworks:aerohive_netconfig:10.0r8a:build242466:*:*:*:*:*:*