9 matches found
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...
Aerohive Networks HiveOS Remote Code Execution (CVE-2020-16152)
A remote code execution vulnerability exists in Aerohive Networks HiveOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Metasploit Wrap-Up
Azure Active Directory login scanner module Community contributor k0pak4 added a new login scanner module for Azure Active Directory. This module exploits a vulnerable authentication endpoint in order to enumerate usernames without generating log events. The error code returned by the endpoint ca...
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit
This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...
CVE-2020-16152
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file...
CVE-2020-16152
The CVE-2020-16152 entry refers to Aerohive/Extreme Networks HiveOS NetConfig, where the NetConfig UI is vulnerable to local file inclusion (LFI) paired with log-poisoning to achieve unauthenticated remote code execution as root. Affected are HiveOS IQ Engine and NetConfig interfaces through 10.0...
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE', 'Description' = %q This module exploits LFI and log poisoning vulnerabilities...
CVE-2020-16152
creationtimestamp| type| source ---|---|--- 2021-11-11 23:23:32+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/aerohivenetconfiglfilogpoisonrce.rb 2021-11-15 00:11:50+00:00| seen| https://t.me/cibsecurity/32393 2025-02-06 03:13:44+00:00| seen|...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Extremenetworks Aerohive_Netconfig
CVE-2020-16152 Summary | |...