CVE-2020-7824

MEDIUM

iPECS - Privilege Escalation

Title source: llm

Description

A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modification the cookie value to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files.

References (2)

[Product] http://www.ericssonlg.co.kr/

[Third Party Advisory] https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35572

Scores

CVSS v3 6.5

EPSS 0.0017

EPSS Percentile 38.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-267 CWE-276

Status published

Products (1)

ericssonlg/ipecs 1.0.0 - 1.0.35

Published Aug 25, 2020

Tracked Since Feb 18, 2026