CVE-2020-36907
Denial of Service in Aerohive HiveOS NetConfig UI
Publication date: 2026-01-06
Last updated on: 2026-01-06
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| extreme_networks | aerohive_hiveos | up to and including 11.x |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-36907 is a remote denial of service (DoS) vulnerability in Extreme Networks Aerohive HiveOS versions up to and including 11.x. It affects the NetConfig web user interface, specifically the action.php5 script. An unauthenticated attacker can send a specially crafted HTTP request with specific parameters to this script, triggering the CliWindow function via the _page parameter. This causes the web interface to become unresponsive for approximately 5 minutes (305 seconds), effectively denying access to the HiveOS management UI. The attack requires no authentication or user interaction and can be executed remotely over the network. [1, 3, 4]
How can this vulnerability impact me?
This vulnerability can impact you by causing a denial of service on the Aerohive HiveOS web management interface. An attacker can remotely and without authentication make the web UI unusable for about 5 minutes per attack, disrupting your ability to manage and configure Aerohive access points and their network settings. This could lead to operational downtime or delays in network management tasks, potentially affecting network availability and administrative control. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP request to the vulnerable Aerohive HiveOS device targeting the action.php5 script with specific parameters, particularly using the _page parameter invoking the CliWindow function. A simple curl command can be used to test this, for example: curl -X GET 'http://<target-ip>/action.php5?_page=CliWindow'. If the web interface becomes unresponsive for about 5 minutes, the system is vulnerable. [1, 4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to disable the HiveOS web server UI by executing the CLI command: no system web-server hive-ui enable. This will prevent the web interface from being accessible and thus block the attack vector until a proper patch or update is applied. [1, 4]