exploitDog

CVE-2019-5425

Опубликовано: 10 апр. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.

Ссылки

https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137
Mitigation
Patch
Vendor Advisory
https://hackerone.com/reports/511025
Third Party Advisory
https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137
Mitigation
Patch
Vendor Advisory
https://hackerone.com/reports/511025
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ui:edgeswitch_x:*:*:*:*:*:*:*:*

Версия до 1.1.0 (включая)

EPSS

Процентиль: 84%

0.02184

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-gm29-xmg7-q2p8

CVSS3: 8.8

github

больше 3 лет назад

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.

EPSS

Процентиль: 84%

0.02184

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78