CVE-2020-8234 — CRITICAL (9.8)

Q: How severe is CVE-2020-8234?

CVE-2020-8234 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-8234?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Edgemax Firmware, Ui Ep-S16, Ui Es-12F, Ui Es-16-150W, Ui Es-16-Xg.

Vulnerability Description

A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ui	Edgemax Firmware	< 1.9.1
Ui	Ep-S16	-
Ui	Es-12F	-
Ui	Es-16-150W	-
Ui	Es-16-Xg	-
Ui	Es-24-250W	-
Ui	Es-24-500W	-
Ui	Es-24-Lite	-
Ui	Es-48-500W	-
Ui	Es-48-750W	-
Ui	Es-48-Lite	-
Ui	Es-8-150W	-

Related Weaknesses (CWE)

CWE-613

References

FAQ

What is CVE-2020-8234?

CVE-2020-8234 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and ...

How severe is CVE-2020-8234?

CVE-2020-8234 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-8234?

Check the references section above for vendor advisories and patch information. Affected products include: Ui Edgemax Firmware, Ui Ep-S16, Ui Es-12F, Ui Es-16-150W, Ui Es-16-Xg.