본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2020-7824 | Ericssonlg iPECS Privilege Escalation Vulnerability2020.08.21
□ Overview
 o Ericsson-LG release security update to address a privilege escalation vulnerability in iPECS management page.
Vulnerability Type Impact Severity CVSS Score CVE ID
Broken Access control Privilege Escalation Medium 6.5 CVE-2020-7824

□ Description
 o iPECS’s management page has a privilege escalation vulnerability due to insecure permission when handling session cookies. (CVE-2020-7824)

□ Affected Product
Product Version
iPECS UCM 1.0.0 to 1.0.35
2.0.0 to 2.10.14

□ Solution
 o Update to iPECS 1.0.36 or 2.0.17 version or later.

□ Acknowledgements
 o Thanks to Heehyun Kim for reporting this vulnerability.

□ Reference
 [1] http://www.ericssonlg.co.kr/


□ 작성 : 침해사고분석단 취약점분석팀