PT-2020-19982 · Ubiquiti · Unifi Video Controller
Published: 2020-04-01 · Updated: 2021-07-21 · CVE-2020-8146
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
UniFi Video Controller versions prior to 3.10.3
Description
The issue is a local privilege escalation to SYSTEM arising from arbitrary file deletion and DLL hijacking vulnerabilities. It was fixed by adjusting the .tsExport folder when the controller runs on Windows and by adjusting SafeDllSearchMode in the Windows registry when the UniFi-Video controller is installed.
Recommendations
For versions prior to 3.10.3, update to UniFi Video Controller version 3.10.3 or newer to resolve the issue. As a temporary workaround, consider adjusting the .tsExport folder and the SafeDllSearchMode in the Windows registry to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Unifi Video Controller