ID SSV:61282
Type seebug
Reporter Root
Modified 2014-01-06T00:00:00
Description
CVE ID:CVE-2013-3572
Ubiquiti Networks UniFi是一款企业级无线网络系统。
Ubiquiti Networks UniFi中的UniFi Controller管理接口存在跨站脚本漏洞,允许远程攻击者利用漏洞通过特制的客户端主机名,注入恶意脚本或HTML代码,当恶意数据被查看时可获取敏感信息或者劫持用户会话。
0
Ubiquiti UniFi Controller 2.x
厂商补丁:
Ubiquiti Networks
用户可参考如下厂商提供的安全公告获得补丁信息:
http://dl.ubnt.com/unifi/static/cve-2013-3572.html
{"href": "https://www.seebug.org/vuldb/ssvid-61282", "status": "details", "history": [], "bulletinFamily": "exploit", "modified": "2014-01-06T00:00:00", "title": "Ubiquiti UniFi Controller DHCP Hostname\u811a\u672c\u6ce8\u5165\u6f0f\u6d1e", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "sourceHref": "", "cvelist": ["CVE-2013-3572"], "description": "CVE ID:CVE-2013-3572\r\n\r\nUbiquiti Networks UniFi\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u65e0\u7ebf\u7f51\u7edc\u7cfb\u7edf\u3002 \r\n\r\nUbiquiti Networks UniFi\u4e2d\u7684UniFi Controller\u7ba1\u7406\u63a5\u53e3\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684\u5ba2\u6237\u7aef\u4e3b\u673a\u540d\uff0c\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u8005\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\n0\nUbiquiti UniFi Controller 2.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nUbiquiti Networks\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\n \r\nhttp://dl.ubnt.com/unifi/static/cve-2013-3572.html", "viewCount": 3, "published": "2014-01-06T00:00:00", "sourceData": "", "id": "SSV:61282", "enchantments_done": [], "_object_type": "robots.models.seebug.SeebugBulletin", "type": "seebug", "lastseen": "2017-11-19T17:41:32", "reporter": "Root", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "references": []}
{"cve": [{"lastseen": "2017-04-18T15:53:57", "references": ["http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/", "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047", "http://www.securityfocus.com/bid/64601", "http://dl.ubnt.com/unifi/static/cve-2013-3572.html"], "edition": 2, "description": "Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.", "reporter": "NVD", "published": "2013-12-31T15:55:15", "title": "CVE-2013-3572", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-3572"], "scanner": [], "modified": "2016-12-30T21:59:03", "cpe": ["cpe:/a:ubnt:unifi:2.3.5"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3572", "id": "CVE-2013-3572", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
