CVE-2020-8188 - OpenCVE

We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ui	Unifi Cloud Key Plus Unifi Dream Machine Pro Unifi Protect Unifi Protect Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ui:unifi_protect_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ui:unifi_protect:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ui:unifi_protect_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ui:unifi_cloud_key_plus:-:::::::*
	cpe:2.3:h:ui:unifi_dream_machine_pro:-:::::::*

No data.

References

Link	Providers
https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4
https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba
https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2020-07-02T18:35:14

Updated: 2024-08-04T09:56:28.305Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8188

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-07-02T19:15:12.823

Modified: 2020-07-09T16:33:46.233

Link: CVE-2020-8188

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Protect for UniFi Cloud Key Gen2 Plus, UniFi Dream Machine Pro, UNVR", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in versions: v1.13.3 and v1.14.10"}]}], "descriptions": [{"lang": "en", "value": "We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "Command Injection - Generic (CWE-77)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-02T18:35:14", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4"}, {"tags": ["x_refsource_MISC"], "url": "https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba"}, {"tags": ["x_refsource_MISC"], "url": "https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2020-8188", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Protect for UniFi Cloud Key Gen2 Plus, UniFi Dream Machine Pro, UNVR", "version": {"version_data": [{"version_value": "Fixed in versions: v1.13.3 and v1.14.10"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Command Injection - Generic (CWE-77)"}]}]}, "references": {"reference_data": [{"name": "https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4", "refsource": "MISC", "url": "https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4"}, {"name": "https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba", "refsource": "MISC", "url": "https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba"}, {"name": "https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5", "refsource": "MISC", "url": "https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:56:28.305Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2020-8188", "datePublished": "2020-07-02T18:35:14", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2024-08-04T09:56:28.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:unifi_protect_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B158F107-EA41-454E-BD5C-5349C8F5605B", "versionEndIncluding": "1.13.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:unifi_protect:-:*:*:*:*:*:*:*", "matchCriteriaId": "6676A008-0522-4585-A95D-3F42C69E9C40", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ui:unifi_protect_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9C78A4B-2DBF-4774-B695-F1CC17D75255", "versionEndIncluding": "1.14.9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ui:unifi_cloud_key_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C4ED829-08E6-4330-B105-DC01A3159C90", "vulnerable": false}, {"criteria": "cpe:2.3:h:ui:unifi_dream_machine_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "B493983E-8632-4492-9B0A-E8E11E0E0BB2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges."}, {"lang": "es", "value": "Recientemente hemos publicado una nueva versi\u00f3n del firmware UniFi Protect versi\u00f3n v1.13.3 y v1.14.10 para Unifi Cloud Key Gen2 Plus y UniFi Dream Machine Pro/UNVR respectivamente, que corrige las vulnerabilidades encontradas en el firmware Protect versiones v1.13.2, v1.14.9 y anteriores, de acuerdo con la siguiente descripci\u00f3n: Visualiza solo usuarios que pueden ejecutar determinados comandos personalizados que les permiten asignarse a si mismos roles no autorizados y escalar sus privilegios"}], "id": "CVE-2020-8188", "lastModified": "2020-07-09T16:33:46.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-02T19:15:12.823", "references": [{"source": "support@hackerone.com", "tags": ["Vendor Advisory"], "url": "https://community.ui.com/releases/Security-advisory-bulletin-012-012/1bba9134-f888-4010-81c0-b0dd53b9bda4"}, {"source": "support@hackerone.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://community.ui.com/releases/UniFi-Protect-1-13-3/f4be7d35-93a3-422b-8eef-122e442c00ba"}, {"source": "support@hackerone.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://community.ui.com/releases/UniFi-Protect-1-14-10/48a8dbdd-b872-47fa-bbde-1d24ddf5d5b5"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "support@hackerone.com", "type": "Secondary"}]}