Details of VAR-201809-0006

ID

VAR-201809-0006

CVE

CVE-2015-9266

TITLE

plural Ubiquiti Product Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-008231

DESCRIPTION

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2. plural Ubiquiti Product Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ubiquiti airMAX AC, etc. are all products of Ubiquiti Networks in the United States. The Ubiquiti airMAX AC is a wireless access point device. airGateway is a gateway device

Trust: 1.8

sources: NVD: CVE-2015-9266 // JVNDB: JVNDB-2015-008231 // VULHUB: VHN-87227 // VULMON: CVE-2015-9266

AFFECTED PRODUCTS

vendor:	ui	model:	af5	scope:	lt	version:	2.2.1	Trust: 1.0
vendor:	ubnt	model:	airos 4 xs5	scope:	lt	version:	4.0.4	Trust: 1.0
vendor:	ui	model:	airmax m xm	scope:	lt	version:	5.6.2	Trust: 1.0
vendor:	ui	model:	airmax m xw	scope:	lt	version:	5.6.2	Trust: 1.0
vendor:	ui	model:	airfiber af24	scope:	lt	version:	2.2.1	Trust: 1.0
vendor:	ubnt	model:	airos 4 xs2	scope:	lt	version:	4.0.4	Trust: 1.0
vendor:	ubnt	model:	edgeswitch xp	scope:	lt	version:	1.3.2	Trust: 1.0
vendor:	ui	model:	airgateway	scope:	lt	version:	1.15	Trust: 1.0
vendor:	ui	model:	af5x	scope:	lt	version:	3.0.2.1	Trust: 1.0
vendor:	ui	model:	airfiber af24hd	scope:	lt	version:	2.2.1	Trust: 1.0
vendor:	ui	model:	airmax ac	scope:	eq	version:	7.1.3	Trust: 1.0
vendor:	ui	model:	airmax m ti	scope:	lt	version:	5.6.2	Trust: 1.0
vendor:	ubiquiti	model:	airfiber	scope:	lt	version:	af24 2.2.1	Trust: 0.8
vendor:	ubiquiti	model:	airfiber	scope:	lt	version:	af24hd 2.2.1	Trust: 0.8
vendor:	ubiquiti	model:	airgateway	scope:	lt	version:	1.1.5	Trust: 0.8
vendor:	ubiquiti	model:	airmax ac	scope:	lt	version:	7.1.3	Trust: 0.8
vendor:	ubiquiti	model:	airmax m	scope:	lt	version:	5.5.10u2 xw	Trust: 0.8
vendor:	ubiquiti	model:	airmax m	scope:	lt	version:	5.5.11 ti	Trust: 0.8
vendor:	ubiquiti	model:	airmax m	scope:	lt	version:	5.5.11 xm	Trust: 0.8
vendor:	ubiquiti	model:	airmax m	scope:	lt	version:	5.6.2 ti	Trust: 0.8
vendor:	ubiquiti	model:	airmax m	scope:	lt	version:	5.6.2 xm	Trust: 0.8
vendor:	ubiquiti	model:	airmax m	scope:	lt	version:	5.6.2 xw	Trust: 0.8

sources: JVNDB: JVNDB-2015-008231 // NVD: CVE-2015-9266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-9266
value:	CRITICAL
Trust: 1.0
cve@mitre.org:	CVE-2015-9266
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-9266
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201809-213
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-87227
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-9266
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-9266
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-87227
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-9266
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-87227 // VULMON: CVE-2015-9266 // JVNDB: JVNDB-2015-008231 // CNNVD: CNNVD-201809-213 // NVD: CVE-2015-9266 // NVD: CVE-2015-9266

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-87227 // JVNDB: JVNDB-2015-008231 // NVD: CVE-2015-9266

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-213

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201809-213

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008231

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2015-9266

PATCH

title:	Virus attack - URGENT @UBNT	url:	https://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940	Trust: 0.8
title:	Important Security Notice and airOS 5.6.5 Release	url:	https://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Notice-and-airOS-5-6-5-Release/ba-p/1565949	Trust: 0.8
title:	Security Release for airMAX and airGateway Released	url:	https://community.ubnt.com/t5/airMAX-Updates-Blog/Security-Release-for-airMAX-TOUGHSwitch-and-airGateway-Released/ba-p/1300494	Trust: 0.8
title:	Multiple Ubiquiti Product path traversal vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84546	Trust: 0.6

sources: JVNDB: JVNDB-2015-008231 // CNNVD: CNNVD-201809-213

EXTERNAL IDS

db:	NVD	id:	CVE-2015-9266	Trust: 2.6
db:	EXPLOIT-DB	id:	39853	Trust: 1.8
db:	EXPLOIT-DB	id:	39701	Trust: 1.8
db:	HACKERONE	id:	73480	Trust: 1.8
db:	JVNDB	id:	JVNDB-2015-008231	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-213	Trust: 0.7
db:	VULHUB	id:	VHN-87227	Trust: 0.1
db:	VULMON	id:	CVE-2015-9266	Trust: 0.1

sources: VULHUB: VHN-87227 // VULMON: CVE-2015-9266 // JVNDB: JVNDB-2015-008231 // CNNVD: CNNVD-201809-213 // NVD: CVE-2015-9266

REFERENCES

url:	https://www.exploit-db.com/exploits/39701/	Trust: 1.9
url:	https://community.ubnt.com/t5/airmax-updates-blog/important-security-notice-and-airos-5-6-5-release/ba-p/1565949	Trust: 1.8
url:	https://community.ubnt.com/t5/airmax-updates-blog/security-release-for-airmax-toughswitch-and-airgateway-released/ba-p/1300494	Trust: 1.8
url:	https://www.exploit-db.com/exploits/39853/	Trust: 1.8
url:	https://community.ubnt.com/t5/airmax-general-discussion/virus-attack-urgent-ubnt/td-p/1562940	Trust: 1.8
url:	https://hackerone.com/reports/73480	Trust: 1.8
url:	https://www.rapid7.com/db/modules/exploit/linux/ssh/ubiquiti_airos_file_upload	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9266	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9266	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-87227 // VULMON: CVE-2015-9266 // JVNDB: JVNDB-2015-008231 // CNNVD: CNNVD-201809-213 // NVD: CVE-2015-9266

SOURCES

db:	VULHUB	id:	VHN-87227
db:	VULMON	id:	CVE-2015-9266
db:	JVNDB	id:	JVNDB-2015-008231
db:	CNNVD	id:	CNNVD-201809-213
db:	NVD	id:	CVE-2015-9266

LAST UPDATE DATE

2024-11-23T22:41:41.788000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-87227	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2015-9266	date:	2021-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-008231	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201809-213	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2015-9266	date:	2024-11-21T02:40:12.417

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-87227	date:	2018-09-05T00:00:00
db:	VULMON	id:	CVE-2015-9266	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-008231	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201809-213	date:	2018-09-06T00:00:00
db:	NVD	id:	CVE-2015-9266	date:	2018-09-05T20:29:00.253