exploitDog

CVE-2017-0913

Опубликовано: 03 июл. 2018

Источник: nvd

CVSS3: 4.7

CVSS2: 1.9

EPSS Низкий

Описание

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".

Ссылки

https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814
Vendor Advisory
https://hackerone.com/reports/301406
Third Party Advisory
https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814
Vendor Advisory
https://hackerone.com/reports/301406
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ubnt:ucrm:*:*:*:*:*:*:*:*

Версия от 2.3.0 (включая) до 2.7.7 (включая)

EPSS

Процентиль: 17%

0.00055

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-vg3q-rcxr-8qqv

CVSS3: 4.7

github

больше 3 лет назад

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".

EPSS

Процентиль: 17%

0.00055

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-732