4 matches found
Aerohive Networks HiveManager Remote Shell Upload Exploit
Exploit for hardware platform in category web applications I. BACKGROUND Aerohive Networks HiveManager Classic Online NMS is a cloud-enabled enterprise-class management system for Aerohive networking products. HiveManager Classic Online offers simple policy creation, firmware upgrades, and...
Aerohive Networks HiveManager Remote Shell Upload
I. BACKGROUND Aerohive Networks HiveManager Classic Online NMS is a cloud-enabled enterprise-class management system for Aerohive networking products. HiveManager Classic Online offers simple policy creation, firmware upgrades, and centralized monitoring of thousands of Aerohive access points,...
CVE-2017-14105
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at...
CVE-2017-14105
CVE-2017-14105 affects Aerohive HiveManager Classic through 8.1r1. A local, authenticated attacker (even Tenant-restricted) can abuse the Backup Archive Handler by modifying a backup archive prior to restore, because pathnames inside the archive are not validated. This allows placing a JSP web sh...