Lucene search

[email protected]CVE-2014-2226

HistoryJul 29, 2014 - 2:55 p.m.

CVE-2014-2226

2014-07-2914:55:05

CWE-255

[email protected]

web.nvd.nist.gov

ubiquiti

unifi controller

cve-2014-2226

syslog

security

man-in-the-middle

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.3%

JSON

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

Affected configurations

NVD

Node

uiunifi_controllerRange≤2.4.6

CPENameOperatorVersion
ui:unifi_controllerui unifi controllerle2.4.6

CPE	Name	Operator	Version
ui:unifi_controller	ui unifi controller	le	2.4.6

References

packetstormsecurity.com/files/127616/Ubiquiti-UbiFi-Controller-2.4.5-Password-Hash-Disclosure.html

seclists.org/fulldisclosure/2014/Jul/127

sethsec.blogspot.com/2014/07/cve-2014-2226.html

www.securityfocus.com/bid/68869

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.3%

JSON

Related for CVE-2014-2226

nvd1 prion1 cvelist1 packetstorm1