EdgeMAX EdgeSwitch up to 1.8.1 command injection [CVE-2019-5446]

A vulnerability was found in EdgeMAX EdgeSwitch up to 1.8.1. It has been classified as critical. Affected is some unknown functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability (Command Injection). CWE is classifying the issue as CWE-88. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was released 07/10/2019. This vulnerability is traded as CVE-2019-5446 since 01/04/2019. The successful exploitation needs a single authentication. The technical details are unknown and an exploit is not available.

Upgrading to version 1.8.2 eliminates this vulnerability.

Entry connected to this vulnerability is available at 137705.

Vendor

• EdgeMAX

Name

• EdgeSwitch

• 🔒
• 🔒

• 🔒
• 🔒

VulDB Meta Base Score: 8.0
VulDB Meta Temp Score: 7.6

VulDB Base Score: 8.0
VulDB Temp Score: 7.6
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Privilege escalation / Command Injection (CWE-88)
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: EdgeSwitch 1.8.2

01/04/2019 CVE assigned
07/10/2019 +187 days Advisory disclosed
07/11/2019 +1 days VulDB entry created
07/11/2019 +0 days VulDB last update
CVE: CVE-2019-5446 (🔒)
See also: 🔒Created: 07/11/2019 12:50 PM
Complete: 🔍

Comments

Comments are closed.