CVE-2018-12591

Name of the Vulnerable Software and Affected Versions Ubiquiti Networks EdgeSwitch versions 1.7.3 and prior

Description The issue arises from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions.

Recommendations For Ubiquiti Networks EdgeSwitch versions 1.7.3 and prior, consider restricting access to the admin CLI to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the use of the admin account and monitor for any suspicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.