Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-24755

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64).

Published

2021-05-17T22:15:07.493

Last Modified

2024-11-21T05:16:03.360

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ui	unifi_video	3.10.13	Yes

References

https://www.youtube.com/watch?v=T41h4yeh9dk Exploit, Third Party Advisory ([email protected])
https://www.youtube.com/watch?v=T41h4yeh9dk Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)