History: Sep 05, 2018 - 9:00 p.m.

CVE-2015-9266

2018-09-05 21:00:00
CWE-22
web.nvd.nist.gov
cve-2015-9266
ubiquiti
airmax
airfiber
airgateway
edgeswitch xp
unauthorized file upload
directory traversal
vulnerability
nvd

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6 High
Confidence: High

EPSS: 0.015 Low
Percentile: 86.9%

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.

Affected configurations

NVD
Node
ui airmax_ac_firmware Match 7.1.3
AND
ui airmax_ac Match -
Node
ui airmax_m_xm_firmware Range < 5.6.2
AND
ui airmax_m_xm Match -
Node
ui airmax_m_xw_firmware Range < 5.6.2
AND
ui airmax_m_xw Match -
Node
ui airmax_m_ti_firmware Range < 5.6.2
AND
ui airmax_m_ti Match -
Node
ui airgateway_firmware Range < 1.15
AND
ui airgateway Match -
Node
ui airfiber_af24_firmware Range < 2.2.1
AND
ui airfiber_af24 Match -
Node
ui airfiber_af24hd_firmware Range < 2.2.1
AND
ui airfiber_af24hd Match -
Node
ui af5x_firmware Range < 3.0.2.1
AND
ui af5x Match -
Node
ui af5_firmware Range < 2.2.1
AND
ui af5 Match -
Node
ubnt airos_4_xs2 Range < 4.0.4
OR
ubnt airos_4_xs5 Range < 4.0.4
AND
ui airmax_ac Match -
OR
ui airmax_m Match -
Node
ubnt edgeswitch_xp_firmware Range < 1.3.2
AND
ui edgeswitch_xp Match -
