Attacker Value
Moderate
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2020-16152

Disclosure Date: November 14, 2021
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Aerohive/Extreme Networks HiveOS administrative webinterface (NetConfig) is vulnerable to LFI because it uses an old version of PHP vulnerable to string truncation attacks. An attacker is able to use this in conjunction with log poisoning to gain root rights on a vulnerable access point.

Add Assessment

1
Ratings
Technical Analysis

There is an exploit for this. I was able to extract the firmware and statically confirm the vulnerability. I haven’t tried to kick it off in QEMU yet.

Fun bug chain. The vendor hasn’t patched this. If you’re using this in your environment, you may want to disable the web interface as per the exploit’s README.md.

Note that this HiveOS is not to be confused with the mining platform HiveOS. This is Wi-Fi stuff.

General Information

Additional Info

Technical Analysis