ID

VAR-201806-1277


CVE

CVE-2018-12590


TITLE

Ubiquiti Networks EdgeSwitch vulnerability related to format strings

Trust: 0.8

sources: JVNDB: JVNDB-2018-006521

DESCRIPTION

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code. Ubiquiti Networks EdgeSwitch contains a format string vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Ubiquiti EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks. A security vulnerability exists in Ubiquiti EdgeSwitch 1.7.3 and earlier that is caused by a lack of protection for the admin CLI. An attacker could exploit the vulnerability to execute code and escalate privileges with specially crafted commands.

Trust: 2.25

sources: NVD: CVE-2018-12590 // JVNDB: JVNDB-2018-006521 // CNVD: CNVD-2018-11986 // VULHUB: VHN-122565

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11986

AFFECTED PRODUCTS

vendor: ui, model: edgeswitch, scope: lte, version: 1.7.3

Trust: 1.0

vendor: ubiquiti, model: edgeswitch, scope: lte, version: firmware 1.7.3

Trust: 0.8

vendor: ubiquiti, model: networks edgeswitch, scope: lte, version: <=1.7.3

Trust: 0.6

vendor: ubnt, model: edgeswitch, scope: eq, version: 1.7.3

Trust: 0.6

sources: CNVD: CNVD-2018-11986 // JVNDB: JVNDB-2018-006521 // CNNVD: CNNVD-201806-1075 // NVD: CVE-2018-12590

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12590
value: HIGH

Trust: 1.0

NVD: CVE-2018-12590
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11986
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-1075
value: HIGH

Trust: 0.6

VULHUB: VHN-122565
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12590
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11986
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-122565
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12590
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-12590
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-11986 // VULHUB: VHN-122565 // JVNDB: JVNDB-2018-006521 // CNNVD: CNNVD-201806-1075 // NVD: CVE-2018-12590

PROBLEMTYPE DATA

problemtype: CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2018-006521 // NVD: CVE-2018-12590

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1075

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-201806-1075

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006521

PATCH

title: Top Page, url: https://www.ubnt.com/

Trust: 0.8

title: Ubiquiti Networks EdgeSwitch code execution vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/132723

Trust: 0.6

sources: CNVD: CNVD-2018-11986 // JVNDB: JVNDB-2018-006521

EXTERNAL IDS

db: NVD, id: CVE-2018-12590

Trust: 3.1

db: HACKERONE, id: 311884

Trust: 2.5

db: JVNDB, id: JVNDB-2018-006521

Trust: 0.8

db: CNNVD, id: CNNVD-201806-1075

Trust: 0.7

db: CNVD, id: CNVD-2018-11986

Trust: 0.6

db: VULHUB, id: VHN-122565

Trust: 0.1

sources: CNVD: CNVD-2018-11986 // VULHUB: VHN-122565 // JVNDB: JVNDB-2018-006521 // CNNVD: CNNVD-201806-1075 // NVD: CVE-2018-12590

REFERENCES

url: https://hackerone.com/reports/311884

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-12590

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12590

Trust: 0.8

sources: CNVD: CNVD-2018-11986 // VULHUB: VHN-122565 // JVNDB: JVNDB-2018-006521 // CNNVD: CNNVD-201806-1075 // NVD: CVE-2018-12590

SOURCES

db: CNVD, id: CNVD-2018-11986
db: VULHUB, id: VHN-122565
db: JVNDB, id: JVNDB-2018-006521
db: CNNVD, id: CNNVD-201806-1075
db: NVD, id: CVE-2018-12590

LAST UPDATE DATE

2024-11-23T22:38:07.645000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-11986, date: 2018-06-25T00:00:00
db: VULHUB, id: VHN-122565, date: 2020-02-13T00:00:00
db: JVNDB, id: JVNDB-2018-006521, date: 2018-08-24T00:00:00
db: CNNVD, id: CNNVD-201806-1075, date: 2020-02-14T00:00:00
db: NVD, id: CVE-2018-12590, date: 2024-11-21T03:45:29.880

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-11986, date: 2018-06-25T00:00:00
db: VULHUB, id: VHN-122565, date: 2018-06-20T00:00:00
db: JVNDB, id: JVNDB-2018-006521, date: 2018-08-24T00:00:00
db: CNNVD, id: CNNVD-201806-1075, date: 2018-06-21T00:00:00
db: NVD, id: CVE-2018-12590, date: 2018-06-20T12:29:00.320