PT-2020-6095 · Microsoft+1 · Windows 7+2

Published 2020-08-28 · Updated 2021-05-24 · CVE-2020-24755

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ubiquiti UniFi Video version 3.10.13

Description

The issue is related to errors in the mechanism for checking the path of dynamically linked libraries in the UniFiVideo.exe executable file of Ubiquiti UniFi Video. Exploitation of this issue may allow an attacker to execute arbitrary code. The vulnerability was tested on Windows 7 x64 and Windows 10 x64 systems. When the executable starts, it looks for the library in the current directory first, so a library placed there can impersonate or replace the legitimate one and execute code on the system.

Recommendations

For version 3.10.13, consider restricting access to the current-directory library lookup until a patch is available. As a temporary workaround, avoid executing the UniFiVideo.exe file from untrusted directories to minimize the risk of exploitation.

Exploit

Fix

Uncontrolled Search Path Element


Weakness Enumeration

Related Identifiers

BDU:2021-03002
CVE-2020-24755

Affected Products

Unifi Video
Windows 10
Windows 7