Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:15 p.m.10 views

CVE-2020-16152

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...

10CVSS7.4AI score0.35047EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2021/12/08 12:0 a.m.72 views

Aerohive Networks HiveOS Remote Code Execution (CVE-2020-16152)

A remote code execution vulnerability exists in Aerohive Networks HiveOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.1AI score0.35047EPSS
Exploits5
Rapid7 Blog
Rapid7 Blog
added 2021/11/19 7:51 p.m.68 views

Metasploit Wrap-Up

Azure Active Directory login scanner module Community contributor k0pak4 added a new login scanner module for Azure Active Directory. This module exploits a vulnerable authentication endpoint in order to enumerate usernames without generating log events. The error code returned by the endpoint ca...

10CVSS8.1AI score0.97904EPSS
Exploits16
0day.today
0day.today
added 2021/11/15 12:0 a.m.591 views

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit

This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...

9.8CVSS10AI score0.35047EPSS
Exploits5
NVD
NVD
added 2021/11/14 9:15 p.m.50 views

CVE-2020-16152

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...

10CVSS0.35047EPSS
Exploits5References2
CVE
CVE
added 2021/11/14 8:8 p.m.148 views

CVE-2020-16152

The CVE-2020-16152 entry refers to Aerohive/Extreme Networks HiveOS NetConfig, where the NetConfig UI is vulnerable to local file inclusion (LFI) paired with log-poisoning to achieve unauthenticated remote code execution as root. Affected are HiveOS IQ Engine and NetConfig interfaces through 10.0...

10CVSS9.5AI score0.35047EPSS
Exploits5References2Affected Software1
Packet Storm
Packet Storm
added 2021/11/12 12:0 a.m.495 views

Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE', 'Description' = %q This module exploits LFI and log poisoning vulnerabilities...

9.2AI score0.35047EPSS
Exploits5
Circl
Circl
added 2021/11/11 11:23 p.m.14 views

CVE-2020-16152

creationtimestamp| type| source ---|---|--- 2021-11-11 23:23:32+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/aerohivenetconfiglfilogpoisonrce.rb 2021-11-15 00:11:50+00:00| seen| https://t.me/cibsecurity/32393 2025-02-06 03:13:44+00:00| seen|...

10CVSS8.7AI score0.35047EPSS
Exploits5References2
GithubExploit
GithubExploit
added 2020/08/30 12:18 p.m.150 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Extremenetworks Aerohive_Netconfig

CVE-2020-16152 Summary | |...

10CVSS9.4AI score0.35047EPSS
Exploits5
Rows per page
Query Builder