Vulnerability Description
An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ui | Edgeswitch Firmware | < 1.9.0 |
| Ui | Ep-16-Xg | - |
| Ui | Ep-S16 | - |
| Ui | Es-12F | - |
| Ui | Es-16-150W | - |
| Ui | Es-24-250W | - |
| Ui | Es-24-500W | - |
| Ui | Es-24-Lite | - |
| Ui | Es-48-500W | - |
| Ui | Es-48-750W | - |
| Ui | Es-48-Lite | - |
| Ui | Es-8-150W | - |
Related Weaknesses (CWE)
References
- https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87PatchRelease NotesVendor Advisory
- https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2cVendor Advisory
- https://www.ui.com/download/edgemaxProduct
- https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87PatchRelease NotesVendor Advisory
- https://community.ui.com/releases/Security-advisory-bulletin-014-014/1c32c056-2cVendor Advisory
- https://www.ui.com/download/edgemaxProduct
FAQ
What is CVE-2020-8232?
CVE-2020-8232 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages.
How severe is CVE-2020-8232?
CVE-2020-8232 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8232?
Check the references section above for vendor advisories and patch information. Affected products include: Ui Edgeswitch Firmware, Ui Ep-16-Xg, Ui Ep-S16, Ui Es-12F, Ui Es-16-150W.