CVE-2019-5426 - OpenCVE

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ui	Edgeswitch X

Configuration 1 [-]

cpe:2.3:a:ui:edgeswitch_x:*:*:*:*:*:*:*:*

References

Link	Resource
https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137	Patch Vendor Advisory
https://hackerone.com/reports/512958	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2019-04-10T17:53:05

Updated: 2019-04-10T17:53:05

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5426

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-04-10T18:29:00.620

Modified: 2020-10-16T19:28:23.400

Link: CVE-2019-5426

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "EdgeMAX", "vendor": "Ubiquiti Networks", "versions": [{"status": "affected", "version": "EdgeSwitch X prior to v1.1.1"}]}], "datePublic": "2019-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the \"local port forwarding\" and \"dynamic port forwarding\" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "Improper Authentication - Generic (CWE-287)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-10T17:53:05", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/512958"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2019-5426", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EdgeMAX", "version": {"version_data": [{"version_value": "EdgeSwitch X prior to v1.1.1"}]}}]}, "vendor_name": "Ubiquiti Networks"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the \"local port forwarding\" and \"dynamic port forwarding\" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authentication - Generic (CWE-287)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/512958", "refsource": "MISC", "url": "https://hackerone.com/reports/512958"}, {"name": "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137", "refsource": "CONFIRM", "url": "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2019-5426", "datePublished": "2019-04-10T17:53:05", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2019-04-10T17:53:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ui:edgeswitch_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F18D1C-8C6E-482E-ACBA-7455B11BA24B", "versionEndIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the \"local port forwarding\" and \"dynamic port forwarding\" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services or forward traffic through the device if SSH is enabled in the system settings."}, {"lang": "es", "value": "En Ubiquiti Networks EdgeSwitch X 1.1.0 y versiones anteriores, un usuario no autenticado puede utilizar las funcionalidades \"local port forwarding\" y \"dynamic port forwarding\" (SOCKS proxy). Los atacantes remotos sin credenciales pueden explotar este error para acceder a servicios locales o reenviar tr\u00e1fico a trav\u00e9s del dispositivo, si el protocolo SSH est\u00e1 habilitado en la configuraci\u00f3n del sistema."}], "id": "CVE-2019-5426", "lastModified": "2020-10-16T19:28:23.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-10T18:29:00.620", "references": [{"source": "support@hackerone.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeSwitch-X-software-release-v1-1-1/ba-p/2731137"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/512958"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "support@hackerone.com", "type": "Secondary"}]}