A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ui edgeswitch_firmware |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |
||
opensuse leap 15.2 |