CVE-2019-5456

Опубликовано: 30 июл. 2019

Источник: nvd

CVSS3: 8.1

CVSS2: 4.3

EPSS Низкий

Описание

SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version <= 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later.

Ссылки

https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c
Release Notes
Vendor Advisory
https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124
Release Notes
Vendor Advisory
https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391
Vendor Advisory
https://hackerone.com/reports/519582
Permissions Required
https://community.ui.com/releases/862b962b-55f6-4324-96be-610f647d5c1c
Release Notes
Vendor Advisory
https://community.ui.com/releases/9f698d0b-8279-40d3-9f1a-d36db4813124
Release Notes
Vendor Advisory
https://community.ui.com/releases/Security-Advisory-Bulletin-003-003/982bbaa8-2a07-4f81-a5f6-0bb84753f391
Vendor Advisory
https://hackerone.com/reports/519582
Permissions Required

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ui:unifi_controller:*:*:*:*:*:*:*:*

Версия до 5.10.21 (включая)

EPSS

Процентиль: 58%

0.00361

Низкий

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-300

CWE-255

Связанные уязвимости

GHSA-8hq9-mg8q-pw66