Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/145533/Ubiquiti-UniFi-Video-3.7.3-Windows-Local-Privilege-Escalation.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Dec/83 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/102278 | Third Party Advisory VDB Entry |
https://hackerone.com/reports/140793 | Issue Tracking Third Party Advisory |
https://www.exploit-db.com/exploits/43390/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-12-27T17:00:00
Updated: 2017-12-28T10:57:01
Reserved: 2016-08-22T00:00:00
Link: CVE-2016-6914
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-12-27T17:29:00.230
Modified: 2021-09-13T12:09:51.987
Link: CVE-2016-6914
JSON object: View
Redhat Information
No data.
CWE