Lucene search

HackeroneCVELIST:CVE-2024-42025

HistorySep 13, 2024 - 3:47 p.m.

CVE-2024-42025

2024-09-1315:47:19

hackerone

www.cve.org

cve-2024-42025

self-hosted unifi network

linux

unifi network application

privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "Ubiquiti Inc",
    "product": "UniFi Network Application",
    "versions": [
      {
        "version": "8.4.59",
        "status": "affected",
        "lessThan": "8.4.59",
        "versionType": "semver"
      }
    ]
  }
]

References

community.ui.com/releases/Security-Advisory-Bulletin-042-042/c4f68b56-cdc4-4128-b2cb-5870209d1704

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-42025