PT-2019-17657 · Ubiquiti Networks · Edgeswitch X

Published

2019-04-10

Updated

2020-10-16

CVE-2019-5424

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ubiquiti Networks EdgeSwitch X versions 1.1.0 and prior

Description A privileged user can execute arbitrary shell commands over the SSH CLI interface, allowing the execution of shell commands under the root user.

Recommendations For versions 1.1.0 and prior, restrict access to the SSH CLI interface to minimize the risk of exploitation. As a temporary workaround, consider limiting the privileges of users who have access to the SSH CLI interface until a patch is available.

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2019-5424

Affected Products

Edgeswitch X

PT-2019-17657 · Ubiquiti Networks · Edgeswitch X

CVE-2019-5424

Weakness Enumeration

Related Identifiers

Affected Products

References · 4