CVE-2017-0938
published 2019-02-12CVE-2017-0938: Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
PriorityP271high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
20.97%
97.2th percentile
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ui | airos | < 6.0.7 | 6.0.7 |
| ui | airos | >= 6.0.7 < 8.3.2 | 8.3.2 |
| ui | edgemax_firmware | < 1.9.7 | 1.9.7 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for UDP traffic on ports 10001 and 7004 directed at Ubiquiti devices (airMAX / EdgeMAX); unexpected high-volume responses may indicate abuse of the Discovery Protocol for amplification attacks. ↗
- →Detect use of the Ubiquiti Discovery Protocol as an amplification vector; unsolicited discovery responses leaking platform names and IP addresses indicate active exploitation. ↗
- ·Vulnerable firmware versions: airMAX below 8.3.2, airMAX below 6.0.7, and EdgeMAX below 1.9.7 are affected; devices running these versions with UDP 10001/7004 exposed are exploitable. ↗
- ·Exposure of UDP ports 10001 and 7004 to the internet on Ubiquiti devices enables both amplification DDoS and unauthorized disclosure of sensitive device metadata (platform names, IP addresses). ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cvm6-6p4g-49vw: Denial of Service attack in airMAX < 8
ghsa_unreviewed·2022-05-13
CVE-2017-0938 [HIGH] CWE-20 GHSA-cvm6-6p4g-49vw: Denial of Service attack in airMAX < 8
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
VulnCheck
ui airos Uncontrolled Resource Consumption
vulncheck·2017·CVSS 7.5
CVE-2017-0938 [HIGH] ui airos Uncontrolled Resource Consumption
ui airos Uncontrolled Resource Consumption
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.
Affected: ui airos
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://x.com/troutman/status/1090212243197870081
No detection rules found.
No public exploits indexed.
Checkpoint
5th August – Threat Intelligence Report
blogs_checkpoint·2024-08-05
CVE-2017-0938 5th August – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 5th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 5th August, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
American blood donation center OneBlood has been a victim of a ransomware attack that caused disruption to its software system, affecting operations across more than 350 hospitals in Florida, Georgia, and the Carolinas. The attack has forced the organization to operate at reduced capacity and manually process blood donations,
Bugzilla
CVE-2016-10149 python-pysaml2: Entity expansion issue
bugzilla·2017-01-23·CVSS 7.5
CVE-2016-10149 [HIGH] CVE-2016-10149 python-pysaml2: Entity expansion issue
CVE-2016-10149 python-pysaml2: Entity expansion issue
An entity expansion vulnerability was found in python-pysaml2.
Upstream patch:
https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
References:
http://seclists.org/oss-sec/2017/q1/140
Discussion:
Created python-pysaml2 tracking bugs for this issue:
Affects: fedora-all [bug 1415563]
---
This issue has been addressed in the following products:
Red Hat OpenStack Platform 10.0 (Newton)
Via RHSA-2017:0938 https://access.redhat.com/errata/RHSA-2017:0938
---
This issue has been addressed in the following products:
Red Hat OpenStack Platform 9.0 (Mitaka)
Via RHSA-2017:0937 https://access.redhat.com/errata/RHSA-2017:0937
---
This issue has been addressed in the following products:
Red Hat OpenStack P
https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215https://hackerone.com/reports/221625https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215https://hackerone.com/reports/221625
2019-02-12
Published
Exploited in the wild