Описание
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.
Ссылки
- PatchVendor Advisory
- Third Party Advisory
- PatchVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.0 (включая)
cpe:2.3:a:ui:edgeswitch_x:*:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.0042
Низкий
4.8 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 4.8
github
больше 3 лет назад
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.
EPSS
Процентиль: 61%
0.0042
Низкий
4.8 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-287
CWE-287