exploitDog

GHSA-9m65-6pjm-r78p

Опубликовано: 05 апр. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.

Affected Products: UniFi Network Application (Version 8.0.28 and earlier) .

Mitigation: Update UniFi Network Application to Version 8.1.113 or later.

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.

Affected Products: UniFi Network Application (Version 8.0.28 and earlier) .

Mitigation: Update UniFi Network Application to Version 8.1.113 or later.

Ссылки

EPSS

Процентиль: 72%

0.00707

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-77

Связанные уязвимости

CVE-2024-27981

CVSS3: 9.8

nvd

почти 2 года назад

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier) . Mitigation: Update UniFi Network Application to Version 8.1.113 or later.

EPSS

Процентиль: 72%

0.00707

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-77