CVE-2020-8145 - OpenCVE

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Ui	Unifi Video

Configuration 1 [-]

AND

cpe:2.3:a:ui:unifi_video:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2020-04-01T22:20:07

Updated: 2020-04-01T22:20:58

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8145

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-01T23:15:13.890

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-8145

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "UniFi Video Controller (for Windows 7/8/10 x64)", "vendor": "n/a", "versions": [{"status": "affected", "version": "v3.9.3 and prior are affected"}, {"status": "affected", "version": "Fixed in v3.9.6 and newer"}]}], "descriptions": [{"lang": "en", "value": "The UniFi Video Server (Windows) web interface configuration restore functionality at the \u201cbackup\u201d and \u201cwizard\u201d endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer."}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation (CAPEC-233)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-01T22:20:58", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8145", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UniFi Video Controller (for Windows 7/8/10 x64)", "version": {"version_data": [{"version_value": "v3.9.3 and prior are affected"}, {"version_value": "Fixed in v3.9.6 and newer"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The UniFi Video Server (Windows) web interface configuration restore functionality at the \u201cbackup\u201d and \u201cwizard\u201d endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation (CAPEC-233)"}]}]}, "references": {"reference_data": [{"name": "https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e", "refsource": "CONFIRM", "url": "https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8145", "datePublished": "2020-04-01T22:20:07", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-04-01T22:20:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ui:unifi_video:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD1288F1-519E-4CE3-8627-5BB39BCDE0CA", "versionEndIncluding": "3.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The UniFi Video Server (Windows) web interface configuration restore functionality at the \u201cbackup\u201d and \u201cwizard\u201d endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP or CUSTOM_GROUP groups, can access these endpoints and overwrite the current application configuration. This can be abused for various purposes, including adding new administrative users. Affected Products: UniFi Video Controller v3.9.3 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.9.6 and newer."}, {"lang": "es", "value": "La funcionalidad de restauraci\u00f3n de la configuraci\u00f3n de la interfaz web de UniFi Video Server (Windows) en los endpoints \u201cbackup\u201d y \u201cwizard\u201d no implementa suficientes comprobaciones de privilegios. Los usuarios poco privilegiados, que pertenecen a los grupos PUBLIC_GROUP o CUSTOM_GROUP, pueden acceder a estos endpoints y sobrescribir la configuraci\u00f3n actual de la aplicaci\u00f3n. Esto puede ser abusado para varios fines, incluyendo la adici\u00f3n de nuevos usuarios administrativos. Productos afectados: UniFi Video Controller versi\u00f3n v3.9.3 (para Windows 7/8/10 x64) y anteriores. Corregido en UniFi Video Controller versi\u00f3n v3.9.6 y m\u00e1s recientes."}], "id": "CVE-2020-8145", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-01T23:15:13.890", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}