Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system.
References
Link | Resource |
---|---|
https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117 | Patch Vendor Advisory |
https://hackerone.com/reports/239719 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2017-09-06T00:00:00
Updated: 2018-03-22T13:57:01
Reserved: 2016-11-30T00:00:00
Link: CVE-2017-0932
JSON object: View
NVD Information
Status : Modified
Published: 2018-03-22T14:29:00.223
Modified: 2019-10-09T23:21:14.057
Link: CVE-2017-0932
JSON object: View
Redhat Information
No data.
CWE