PT-2019-17659 · Ubiquiti Networks · Edgeswitch X

Fr33Rh

Published

2019-04-10

Updated

2020-10-16

CVE-2019-5426

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Ubiquiti Networks EdgeSwitch X versions 1.1.0 and prior

Description The issue allows an unauthenticated user to utilize the local port forwarding and dynamic port forwarding functionalities, which can be exploited by remote attackers without credentials to access local services or forward traffic through the device if SSH is enabled.

Recommendations For versions 1.1.0 and prior, consider disabling SSH in the system settings until a fix is available. As a temporary workaround, restrict access to the local port forwarding and dynamic port forwarding functionalities to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-5426

Affected Products

Edgeswitch X

PT-2019-17659 · Ubiquiti Networks · Edgeswitch X

CVE-2019-5426

Weakness Enumeration

Related Identifiers

Affected Products

References · 4