CVE-2020-8145

EPSS 0.23%
Veröffentlicht 01.04.2020 23:15:13
Zuletzt bearbeitet 21.11.2024 05:38:22
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ui ≫ Unifi Video Version <= 3.9.3

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.457

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8145

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8145

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8145

EUVD