CVE-2020-8146

EPSS 0.05%
Veröffentlicht 01.04.2020 23:15:13
Zuletzt bearbeitet 21.11.2024 05:38:22
Quelle support@hackerone.com
Teams Watchlist Login
Unerledigt Login

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ui ≫ Unifi Video Version <= 3.10.2

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.158

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8146

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8146

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8146

EUVD