HIGH🇵🇱 Wersja polska

CVE-2018-12590

CVSS 7.2v3.1pub. 2018-06-20upd. 2024-11-21

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Ui Edgeswitch

    HW
    Ui
    wszystkie wersje
  • Ui Edgeswitch Firmware

    OS
    Ui
    ≤ 1.7.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCELPE
CWE
References

Related vulnerabilities

CVE-2020-8233HIGH8.8ten sam produkt

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-onl...

CVE-2020-8126HIGH7.8ten sam produkt

A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user i...

CVE-2019-5446HIGH7.2ten sam produkt

Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.

CVE-2020-8232MEDIUM6.5ten sam produkt

An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only us...

CVE-2019-5445MEDIUM4.9ten sam produkt

DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted c...