CVE-2020-8233 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-8233 PUBLISHED CVSS 8.800000190734863 HIGH

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

EPSS 14.94% · 94.5th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

14.94%

94.5th percentile

Affected Products

Vendor	Product	Versions
opensuse	backports_sle	15.0, 15.0
n/a	EdgeSwitch firmware v1.9.0 and prior	Fixed version EdgeSwitch firmware v1.9.1
ui	edgeswitch_firmware	0
opensuse	leap	15.1, 15.2

Timeline

CVE Published
Apr 14, 2021 EPSS Score
May 23, 2021 PoC Published
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 21, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
May 1, 2025 EPSS Score

References

Open in Interactive Console →