First published: Wed Jul 15 2020(Updated: )
Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SD-WAN Edge. While the vulnerability is in Oracle SD-WAN Edge, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle SD-WAN Edge. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle SD-WAN Edge | =8.2 | |
Oracle SD-WAN Edge | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-14606 is critical.
Oracle SD-WAN Edge versions 8.2 and 9.0 are affected by CVE-2020-14606.
An unauthenticated attacker with network access via HTTP can exploit CVE-2020-14606.
CVE-2020-14606 allows an attacker to compromise Oracle SD-WAN Edge.
You can find more information about CVE-2020-14606 at the following link: https://www.oracle.com/security-alerts/cpujul2020.html