Ubiquiti Networks: Privilege escalation in the client impersonation functionality

2017-04-16T19:50:56
ID H1:221454
Type hackerone
Reporter twicedi
Modified 2017-11-13T10:41:48

Description

In UCRM 2.3.0-beta4 and prior, as a consequence of a lack of validation in the Client Impersonation functionality, an attacker with access to a Read-Only account can escalate privileges to Admin. The vulnerability was fixed in UCRM 2.3.0.