Lucene search

HackeroneCVE-2024-42025

HistorySep 13, 2024 - 4:15 p.m.

CVE-2024-42025

2024-09-1316:15:04

CWE-77

hackerone

web.nvd.nist.gov

command injection

unifi network

linux

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.6%

JSON

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

Affected configurations

Nvd

Vulners

Node

uiunifi_network_applicationRange<8.4.59

VendorProductVersionCPE
uiunifi_network_application*cpe:2.3:a:ui:unifi_network_application:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ui	unifi_network_application	*	cpe:2.3:a:ui:unifi_network_application::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ubiquiti Inc",
    "product": "UniFi Network Application",
    "versions": [
      {
        "version": "8.4.59",
        "status": "affected",
        "lessThan": "8.4.59",
        "versionType": "semver"
      }
    ]
  }
]

References

community.ui.com/releases/Security-Advisory-Bulletin-042-042/c4f68b56-cdc4-4128-b2cb-5870209d1704

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.6%

JSON

Related for CVE-2024-42025