Ericssonlg iPECS Privilege Escalation Vulnerability
CVE-2020-7824

6.5MEDIUM

Key Information:

Vendor: Ericsson-lg
Status: Ipces Ucm
Vendor: CVE Published:; 25 August 2020

🔔 Create Ericsson-lg Vulnerability Alert

What is CVE-2020-7824?

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.

Affected Version(s)

iPCES UCM 1.0.0 < 1.0.35*

iPCES UCM 2.0.0 < 2.10.14*

References

http://www.ericssonlg.co.kr/

x_refsource_MISC

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2020
Vulnerability Reserved
Jan 22, 2020

Credit

Thanks to Heehyun Kim for reporting this vulnerability.