Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hackeroneFr33rhH1:774393
HistoryJan 14, 2020 - 8:23 a.m.

Ubiquiti Inc.: Web Server Predictable Session ID on EdgeSwitch

2020-01-1408:23:05
fr33rh
hackerone.com
36

0.027 Low

EPSS

Percentile

90.6%

JSON

In EdgeSwitch legacy web interface the SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.
These vulnerabilities were found on EdgeSwitch 1G switch (ESWH) and EdgeSwitch 10G switch (ESGH) firmware v1.9.0.

The fix for these vulnerabilities were included in the new version of EdgeMax EdgeSwitch firmware v1.9.1
For more details please visit:

https://community.ui.com/releases/EdgeMAX-EdgeSwitch-Firmware-v1-9-1-v1-9-1/8a87dfc5-70f5-4055-8d67-570db1f5695c

https://www.ui.com/download/edgemax

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Command injection
2020-08-21 21:15:00
cve
cve
CVE-2020-8234
2020-08-21 21:15:12
cvelist
cvelist
CVE-2020-8234
2020-08-21 20:37:22
nvd
nvd
CVE-2020-8234
2020-08-21 21:15:12

0.027 Low

EPSS

Percentile

90.6%

JSON
Related for H1:774393
prion1cve1cvelist1nvd1