Unrated severityNVD Advisory· Published Nov 14, 2021· Updated Aug 4, 2024

CVE-2020-16152

Description

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Extremenetworks/Aerohive HiveOSllm-create
Range: <=10.0r8a
Extremenetworks/IQ Enginellm-fuzzy
Range: <=10.0r8a

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/164957/Aerohive-NetConfig-10.0r8a-Local-File-Inclusion-Remote-Code-Execution.htmlmitrex_refsource_MISC
gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2020-001mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.028
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000