KISA 인터넷 보호나라&KrCERT

KrCERT/CC

Security Advisory

home

CVE-2020-7824 | Ericssonlg iPECS Privilege Escalation Vulnerability2020.08.21

□ Overview
o Ericsson-LG release security update to address a privilege escalation vulnerability in iPECS management page.

Vulnerability Type	Impact	Severity	CVSS Score	CVE ID
Broken Access control	Privilege Escalation	Medium	6.5	CVE-2020-7824

□ Description
o iPECS’s management page has a privilege escalation vulnerability due to insecure permission when handling session cookies. (CVE-2020-7824)

□ Affected Product

Product	Version
iPECS UCM	1.0.0 to 1.0.35 2.0.0 to 2.10.14

□ Solution
o Update to iPECS 1.0.36 or 2.0.17 version or later.

□ Acknowledgements
o Thanks to Heehyun Kim for reporting this vulnerability.

□ Reference
[1] http://www.ericssonlg.co.kr/

□ 작성 : 침해사고분석단 취약점분석팀

트위터 페이스북

다음글 CVE-2020-7830 | Raonwiz KUpload Remote file download vulnerability 2020.09.02
이전글 CVE-2020-7831 | INOGARD Ebiz4u web-based contract management service remote file download vulnerability 2020.08.20

KISA 인터넷 보호나라&KrCERT

인터넷침해사고 경보단계

사이버위협

보안서비스

보안점검

상담 및 신고

빅데이터센터

자료실

KrCERT/CC

KrCERT/CC

Security Advisory

KISA 인터넷 보호나라&KrCERT