exploitDog

CVE-2024-27981

Опубликовано: 04 апр. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device.

Affected Products: UniFi Network Application (Version 8.0.28 and earlier) .

Mitigation: Update UniFi Network Application to Version 8.1.113 or later.

Ссылки

EPSS

Процентиль: 72%

0.00707

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-9m65-6pjm-r78p

CVSS3: 9.8

github

почти 2 года назад

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Application Administrator credentials to escalate privileges to root on the host device. Affected Products: UniFi Network Application (Version 8.0.28 and earlier) . Mitigation: Update UniFi Network Application to Version 8.1.113 or later.

EPSS

Процентиль: 72%

0.00707

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77