CVE-2020-7824
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ericsson-LG | iPCES UCM | 1.0.0 < 1.0.35* | affected |
| Ericsson-LG | iPCES UCM | 2.0.0 < 2.10.14* | affected |
Weaknesses
- CWE-267: CWE-267 Privilege Defined With Unsafe Actions
ADP Enrichment
CVE Program Container
Additional References
- http://www.ericssonlg.co.kr/
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35572
References
- http://www.ericssonlg.co.kr/
- https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35572
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.