PT-2019-17685 · Ubiquiti · Unifi Controller
Smartnoob
·
Published
2019-07-30
·
Updated
2022-12-06
·
CVE-2019-5456
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
UniFi Controller versions prior to 5.10.22
Description
A malicious actor can set up an SMTP proxy server between the UniFi Controller and the actual SMTP server to record SMTP credentials for later malicious use.
Recommendations
For versions prior to 5.10.22, update to version 5.10.22 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Unifi Controller