Vulnerability Monitor

CVE-2018-12590


Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation beyond what administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.


Published

2018-06-20T12:29:00.320

Last Modified

2024-11-21T03:45:29.880

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

  • Type: Primary
    CWE-134

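Affected Vendors & Products

| Type             | Vendor | Product             | Version/Range | Vulnerable? |
|------------------|--------|---------------------|---------------|-------------|
| Operating System | ui     | edgeswitch_firmware | ≤ 1.7.3       | Yes         |
| Hardware         | ui     | edgeswitch          | -             | No          |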

References