Details of VAR-201407-0507

ID

VAR-201407-0507

CVE

CVE-2014-2226

TITLE

Ubiquiti UniFi Controller Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-003629

DESCRIPTION

Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. UniFi is prone to an information-disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and disclose sensitive information. Successful exploits may lead to other attacks. UniFi 2.4.6 is vulnerable; other versions may also be affected. Ubiquiti Networks UniFi is a set of WiFi wireless network system of Ubiquiti Networks in the United States. UniFi Controller is one of those wireless controllers

Trust: 1.98

sources: NVD: CVE-2014-2226 // JVNDB: JVNDB-2014-003629 // BID: 68869 // VULHUB: VHN-70165

AFFECTED PRODUCTS

vendor:	ui	model:	unifi controller	scope:	lte	version:	2.4.6	Trust: 1.0
vendor:	ubiquiti	model:	unifi controller	scope:	lt	version:	3.2.1	Trust: 0.8
vendor:	ubnt	model:	unifi controller	scope:	eq	version:	2.4.6	Trust: 0.6
vendor:	ubiquiti	model:	networks unifi	scope:	eq	version:	2.4.6	Trust: 0.3
vendor:	ubiquiti	model:	networks unifi	scope:	ne	version:	3.2.1	Trust: 0.3

sources: BID: 68869 // JVNDB: JVNDB-2014-003629 // CNNVD: CNNVD-201407-691 // NVD: CVE-2014-2226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2226
value:	LOW
Trust: 1.0
NVD:	CVE-2014-2226
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201407-691
value:	LOW
Trust: 0.6
VULHUB:	VHN-70165
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2014-2226
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70165
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70165 // JVNDB: JVNDB-2014-003629 // CNNVD: CNNVD-201407-691 // NVD: CVE-2014-2226

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-70165 // JVNDB: JVNDB-2014-003629 // NVD: CVE-2014-2226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-691

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201407-691

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003629

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-70165

PATCH

title:

UniFi 3.2.1 is released

url:

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-3-2-1-is-released/ba-p/872360

Trust: 0.8

sources: JVNDB: JVNDB-2014-003629

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2226	Trust: 2.8
db:	BID	id:	68869	Trust: 2.0
db:	PACKETSTORM	id:	127616	Trust: 1.7
db:	JVNDB	id:	JVNDB-2014-003629	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-691	Trust: 0.7
db:	VULHUB	id:	VHN-70165	Trust: 0.1

sources: VULHUB: VHN-70165 // BID: 68869 // JVNDB: JVNDB-2014-003629 // CNNVD: CNNVD-201407-691 // NVD: CVE-2014-2226

REFERENCES

url:	http://seclists.org/fulldisclosure/2014/jul/127	Trust: 2.0
url:	http://sethsec.blogspot.com/2014/07/cve-2014-2226.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/68869	Trust: 1.7
url:	http://packetstormsecurity.com/files/127616/ubiquiti-ubifi-controller-2.4.5-password-hash-disclosure.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2226	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2226	Trust: 0.8
url:	http://www.ubnt.com/enterprise/	Trust: 0.3

sources: VULHUB: VHN-70165 // BID: 68869 // JVNDB: JVNDB-2014-003629 // CNNVD: CNNVD-201407-691 // NVD: CVE-2014-2226

CREDITS

Seth Art

Trust: 0.3

sources: BID: 68869

SOURCES

db:	VULHUB	id:	VHN-70165
db:	BID	id:	68869
db:	JVNDB	id:	JVNDB-2014-003629
db:	CNNVD	id:	CNNVD-201407-691
db:	NVD	id:	CVE-2014-2226

LAST UPDATE DATE

2024-11-23T22:23:04.727000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70165	date:	2019-06-10T00:00:00
db:	BID	id:	68869	date:	2014-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-003629	date:	2014-07-31T00:00:00
db:	CNNVD	id:	CNNVD-201407-691	date:	2019-06-11T00:00:00
db:	NVD	id:	CVE-2014-2226	date:	2024-11-21T02:05:52.843

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70165	date:	2014-07-29T00:00:00
db:	BID	id:	68869	date:	2014-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-003629	date:	2014-07-31T00:00:00
db:	CNNVD	id:	CNNVD-201407-691	date:	2014-07-29T00:00:00
db:	NVD	id:	CVE-2014-2226	date:	2014-07-29T14:55:05.187