Ubiquiti Inc.: UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities.

2019-04-08T05:01:36
ID H1:530967
Type hackerone
Reporter b0yd
Modified 2020-04-01T16:48:40

Description

Summary: UniFi Video v3.10.1 ( for Windows 7/8/10 x64) Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller.

More details about this vulnerability and the fixes can be found here: https://community.ui.com/releases/Security-advisory-bulletin-006-006/3cf6264e-e0e6-4e26-a331-1d271f84673e