The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.
References
| Link | Resource |
|---|---|
| http://seclists.org/fulldisclosure/2014/Jul/128 | Exploit |
| http://sethsec.blogspot.com/2014/07/cve-2014-2227.html | Exploit |
| http://www.securityfocus.com/bid/68866 | Exploit |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-07-25T19:00:00
Updated: 2014-07-25T18:57:01
Reserved: 2014-02-26T00:00:00
Link: CVE-2014-2227
NVD Information
Status: Analyzed
Published: 2014-07-25T19:55:03.847
Modified: 2019-06-10T18:34:16.507
Link: CVE-2014-2227