PT-2018-5159 · Ubiquiti Networks · Edgeos

Published: 2018-03-22 · Updated: 2019-10-09 · CVE-2017-0932

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Ubiquiti Networks EdgeOS versions 1.9.1.1 and prior

Description: The issue is an Improper Privilege Management weakness caused by a lack of validation of the input to the Feature functionality. An attacker with access to an operator (read-only) account and an SSH connection to the device could escalate privileges to admin (root) access on the system.

Recommendations: For Ubiquiti Networks EdgeOS versions 1.9.1.1 and prior, consider restricting access to the Feature functionality until a fix is available. As a temporary workaround, limit SSH connections to the devices and monitor operator account activity to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2017-0932

Affected Products

Edgeos