Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions.

Published

2018-06-20T12:29:00.367

Last Modified

2024-11-21T03:45:30.020

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ubnt	edgeswitch_firmware	≤ 1.7.3	Yes
Hardware	ubnt	edgeswitch	-	No

References

https://hackerone.com/reports/313245 Issue Tracking, Third Party Advisory ([email protected])
https://hackerone.com/reports/313245 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)