CVE-2020-16152
CVE-2020-16152
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 35.0%KEV nãoPoC —Nuclei —Metasploit simPatch —
Lifecycle
17 Feb 2020Metasploit module available
14 Nov 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
Affected products
n/a · n/a