□ Overview
o Ericsson-LG release security update to address a privilege escalation vulnerability in iPECS management page.
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Broken Access control |
Privilege Escalation |
Medium |
6.5 |
CVE-2020-7824 |
□ Description
o iPECS’s management page has a privilege escalation vulnerability due to insecure permission when handling session cookies. (CVE-2020-7824)
□ Affected Product
| Product |
Version |
| iPECS UCM |
1.0.0 to 1.0.35
2.0.0 to 2.10.14 |
□ Solution
o Update to iPECS 1.0.36 or 2.0.17 version or later.
□ Acknowledgements
o Thanks to Heehyun Kim for reporting this vulnerability.
□ Reference
[1] http://www.ericssonlg.co.kr/
□ 작성 : 침해사고분석단 취약점분석팀 |