Lucene search

[email protected]CVE-2014-2227

HistoryJul 25, 2014 - 7:55 p.m.

CVE-2014-2227

2014-07-2519:55:03

CWE-264

[email protected]

web.nvd.nist.gov

ubiquiti networks

unifi video

same origin policy

crossdomain.xml

cve-2014-2227

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.049 Low

EPSS

Percentile

92.8%

JSON

The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

Affected configurations

NVD

Node

uiunifi_videoRange≤2.1.3

CPENameOperatorVersion
ui:unifi_videoui unifi videole2.1.3

CPE	Name	Operator	Version
ui:unifi_video	ui unifi video	le	2.1.3

References

seclists.org/fulldisclosure/2014/Jul/128

sethsec.blogspot.com/2014/07/cve-2014-2227.html

www.securityfocus.com/bid/68866

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.049 Low

EPSS

Percentile

92.8%

JSON

Related for CVE-2014-2227

packetstorm1 cvelist1 prion1 nvd1