In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer.
References
Link | Resource |
---|---|
https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2020-04-01T22:21:21
Updated: 2020-04-01T22:21:21
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8146
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-04-01T23:15:13.953
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-8146
JSON object: View
Redhat Information
No data.
CWE