PT-2018-5160 · Ubiquiti Networks · Edgeos
Published
2018-03-22
·
Updated
2019-10-09
·
CVE-2017-0933
CVSS v2.0
8.5
High
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Ubiquiti Networks EdgeOS versions 1.9.1 and prior
Description
The issue allows an attacker with access to an operator account to potentially gain admin privileges by luring an admin user into accessing an attacker-controlled page, exploiting a Cross-Site Request Forgery (CSRF) weakness.
Recommendations
For Ubiquiti Networks EdgeOS versions 1.9.1 and prior, update to a version later than 1.9.1 to resolve the issue.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edgeos