CVE-2018-12590
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.
EdgeSwitch, de Ubiquiti Networks, en versiones 1.7.3 y anteriores sufre de una vulnerabilidad de cadena de formato controlada externamente debido a la falta de protección de la interfaz de línea de comandos admin. Esto conduce a la ejecución de código y a un escalado de privilegios mayor del que les está permitido a los propios administradores. Un atacante que cuente con acceso a una cuenta de administrador podría escapar de la interfaz de línea de comandos restringida y ejecutar código arbitrario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-20 CVE Reserved
- 2018-06-20 CVE Published
- 2024-03-15 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://hackerone.com/reports/311884 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ui Search vendor "Ui" | Edgeswitch Firmware Search vendor "Ui" for product "Edgeswitch Firmware" | <= 1.7.3 Search vendor "Ui" for product "Edgeswitch Firmware" and version " <= 1.7.3" | - |
Affected
| in | Ui Search vendor "Ui" | Edgeswitch Search vendor "Ui" for product "Edgeswitch" | - | - |
Safe
|