← back
CVE-2020-16152

CVE-2020-16152

EPSS 35.0%
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 35.0%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
17 Feb 2020Metasploit module available
14 Nov 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
Affected products
n/a · n/a