Web Server Predictable Session ID on EdgeSwitch

In EdgeSwitch legacy web interface the SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection. These vulnerabilities were found on EdgeSwitch 1G switch (ESWH) and EdgeSwitch 10G switch (ESGH) firmware v1.9.0. The fix for these vulnerabilities were included in the new version of EdgeMax EdgeSwitch firmware v1.9.1 For more details please visit: https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c https://www.ui.com/download/edgemax